Debian: New MySQL 4.1 packages fix several vulnerabilities

    Date22 May 2006
    CategoryDebian
    4255
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518

    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1073-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    May 22nd, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : mysql-dfsg-4.1
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
    CERT advisory  : VU#602457
    BugTraq IDs    : 16850 17780
    Debian Bugs    : 366043 366048 366162
    
    Several vulnerabilities have been discovered in MySQL, a popular SQL
    database.  The Common Vulnerabilities and Exposures Project identifies
    the following problems:
    
    CVE-2006-0903
    
        Improper handling of SQL queries containing the NULL character
        allow local users to bypass logging mechanisms.
    
    CVE-2006-1516
    
        Usernames without a trailing null byte allow remote attackers to
        read portions of memory.
    
    CVE-2006-1517
    
        A request with an incorrect packet length allows remote attackers
        to obtain sensitive information.
    
    CVE-2006-1518
    
        Specially crafted request packets with invalid length values allow
        the execution of arbitrary code.
    
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
    
                       woody            sarge            sid
    mysql            3.23.49-8.15        n/a             n/a
    mysql-dfsg          n/a         4.0.24-10sarge2      n/a
    mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
    mysql-dfsg-5.0      n/a              n/a           5.0.21-3
    
    We recommend that you upgrade your mysql packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge3.dsc
          Size/MD5 checksum:     1029 fe1531d1b5169733638e64b98a0f2472
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge3.diff.gz
          Size/MD5 checksum:   166194 9ebbc861250d2e411a5e35cb7fc7fa6b
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
          Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge3_all.deb
          Size/MD5 checksum:    36074 dfb28c5169a7eaffd8fe72748a4a8a44
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_alpha.deb
          Size/MD5 checksum:  1590330 f982bc8df8b3ff88b6284e81223d69b5
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_alpha.deb
          Size/MD5 checksum:  7965144 881d5404f897d454100ee9a0b758b22b
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_alpha.deb
          Size/MD5 checksum:  1000496 30eb22210f99994481d1cb8d0f49ea70
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_alpha.deb
          Size/MD5 checksum: 17487728 c0a3b1d60dd487ae9d468dc7052c4c1b
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_amd64.deb
          Size/MD5 checksum:  1451580 f407ef8b6c520b23020df6f8ce4495aa
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_amd64.deb
          Size/MD5 checksum:  5551440 d1ded46c8b586cdee728fab22180208f
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_amd64.deb
          Size/MD5 checksum:   849082 9161807c8c260e7e0e2cd0cb9fa3a79d
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_amd64.deb
          Size/MD5 checksum: 14711044 d2d9275ff03c2c04adb64658a7e78564
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_arm.deb
          Size/MD5 checksum:  1388548 d823fd3ad8b1c5d54bfd7dbfc0957809
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_arm.deb
          Size/MD5 checksum:  5558362 4f49eae43b10441c852a91f02d9383fc
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_arm.deb
          Size/MD5 checksum:   836292 8616c375f5da29fac8c75081475390e8
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_arm.deb
          Size/MD5 checksum: 14557420 ac1dd6ea1d457a55f0920cf5367df57a
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_i386.deb
          Size/MD5 checksum:  1417574 c6bdb99fa2ab2def5403bfd97657b3bf
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_i386.deb
          Size/MD5 checksum:  5643226 a407082ba8a04f1753f70fe9c8e3f70c
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_i386.deb
          Size/MD5 checksum:   830226 997baad8b8255166dfebd155f24c7558
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_i386.deb
          Size/MD5 checksum: 14557608 c73ddde57d286c9df3742d5fd619281b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_ia64.deb
          Size/MD5 checksum:  1712842 eef94aab0159f71a9fd90772f91b4a76
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_ia64.deb
          Size/MD5 checksum:  7782132 755cc9d914f6ae116d5540920bf8dc99
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_ia64.deb
          Size/MD5 checksum:  1050204 b2ee7722223cb450f866ce69852fe304
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_ia64.deb
          Size/MD5 checksum: 18475254 c72ffcb6e1e7796b466950aceae48bb3
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_hppa.deb
          Size/MD5 checksum:  1550772 a7627788d338b1ee32017bbafcdd1bcd
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_hppa.deb
          Size/MD5 checksum:  6249776 3d4fc83da65ac4fe5a4b6135a20debf8
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_hppa.deb
          Size/MD5 checksum:   909638 ebf27138ed29103d90e6be0f5a8e28a0
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_hppa.deb
          Size/MD5 checksum: 15791200 3be40e327c9c309556f9b767fe6b8e58
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_m68k.deb
          Size/MD5 checksum:  1397530 e0e5f01d008cd40ee38b7e7a30f5d69e
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_m68k.deb
          Size/MD5 checksum:  5283788 d4186f7a2c0c231d4376087a51b74a5a
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_m68k.deb
          Size/MD5 checksum:   803448 772bd59ae1d8ea5af95dc2b416661608
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_m68k.deb
          Size/MD5 checksum: 14071540 766cce55819838830b209a23b343c5c2
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_mips.deb
          Size/MD5 checksum:  1478502 618699397eb82eead99acf01c4d25f59
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_mips.deb
          Size/MD5 checksum:  6052694 7fe59dab19ac323389bdbefefcb2f472
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_mips.deb
          Size/MD5 checksum:   904080 d140aaa93ad6fc52372b6860f5196685
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_mips.deb
          Size/MD5 checksum: 15410072 ffd30ff403a343eda1467d543a9485bc
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_mipsel.deb
          Size/MD5 checksum:  1445934 a5642a17a417b705c53b6689727f28d9
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_mipsel.deb
          Size/MD5 checksum:  5971150 cb94a8fac63741d802344a41758108e1
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_mipsel.deb
          Size/MD5 checksum:   889688 bf8b2046d3da235c9717342c0fe802d7
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_mipsel.deb
          Size/MD5 checksum: 15104986 c67d26b51c37892ced55a971c3e2ed73
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_powerpc.deb
          Size/MD5 checksum:  1476442 b6365d6bef0817718550fd344151b3a6
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_powerpc.deb
          Size/MD5 checksum:  6027254 cb0be5d5ff7180c0e36850a69a5159c6
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_powerpc.deb
          Size/MD5 checksum:   906982 23b1bb52a6df22e84f3677e3eec0c0b4
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_powerpc.deb
          Size/MD5 checksum: 15402586 2af7f90038dbb3f60cc1c62c159ff18e
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_s390.deb
          Size/MD5 checksum:  1538088 68fd210fd6eb741baa8ae48540ce696c
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_s390.deb
          Size/MD5 checksum:  5461222 0734f9fec16ab4b2aa96bc53fb68fdae
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_s390.deb
          Size/MD5 checksum:   883848 4cf9f929345df7259c78b731a8eda589
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_s390.deb
          Size/MD5 checksum: 15055130 883b34ff52b3fffdf62845cabe5a99c4
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_sparc.deb
          Size/MD5 checksum:  1460258 513bb61a8a20c6eb55722b37a21010eb
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_sparc.deb
          Size/MD5 checksum:  6207684 b6191cb684d4d7057d5577840d932d6d
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_sparc.deb
          Size/MD5 checksum:   867786 a695ec3e218569ce84ad39413e113123
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_sparc.deb
          Size/MD5 checksum: 15391404 79c1c0e272f8f21b9b72486945104400
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.