Debian: New MySQL 4.1 packages fix SQL injection

    Date: 08 Jun 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses a string escaped with mysql_real_escape(), which could lead to SQL injection. This problem exists only in versions 4.1 and 5.0.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1092-1
    http://www.debian.org/security/                             Martin Schulze
    June 8th, 2006                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : mysql-dfsg-4.1
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-2753
    BugTraq ID     : 18219
    
    Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL
    database, incorrectly parses a string escaped with mysql_real_escape(),
    which could lead to SQL injection.  This problem exists only in
    versions 4.1 and 5.0.
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 4.1.11a-4sarge4.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 5.0.21-4.
    
    Version 4.0 in the stable distribution (sarge) is also not affected by
    this problem.
    
    We recommend that you upgrade your mysql packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
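
A way to confirm that an upgrade actually reached the fixed level, added here as an example that is not part of the original advisory: it reimplements Debian's package version ordering so an inventory can be checked offline against the fixed versions this advisory states. The function names, host names and installed versions are hypothetical and constructed; the check applies to the affected 4.1 and 5.0 packages only.

```python
import re

# Fixed versions stated in DSA 1092-1, keyed by distribution.
FIXED = {"sarge": "4.1.11a-4sarge4", "sid": "5.0.21-4"}

def _order(c):
    """dpkg character rank: '~' < end of string < letters < other symbols."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    while a or b:
        ta, a = re.match(r"([^0-9]*)(.*)", a).groups()
        tb, b = re.match(r"([^0-9]*)(.*)", b).groups()
        for i in range(max(len(ta), len(tb))):
            ca = _order(ta[i]) if i < len(ta) else 0
            cb = _order(tb[i]) if i < len(tb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        na, a = re.match(r"([0-9]*)(.*)", a).groups()
        nb, b = re.match(r"([0-9]*)(.*)", b).groups()
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    """Return (epoch, upstream, revision); a missing epoch counts as 0."""
    epoch, sep, rest = version.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def deb_version_cmp(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(installed, dist):
    """True when the installed version sorts below the advisory's fixed one."""
    return deb_version_cmp(installed, FIXED[dist]) < 0

# Constructed inventory: (host, distribution, installed MySQL version).
INVENTORY = [("db1", "sarge", "4.1.11a-4sarge2"), ("db2", "sarge", "4.1.11a-4sarge4"),
             ("db3", "sid", "5.0.21-3"), ("db4", "sid", "5.0.22-1")]

def audit(inventory=INVENTORY):
    return [host for host, dist, ver in inventory if needs_upgrade(ver, dist)]
```

On a Debian host, `dpkg --compare-versions` performs the same ordering directly.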
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main