Linux Security
    Linux Security
    Linux Security

    Debian: New MySQL 4.1 packages fix SQL injection

    Date 08 Jun 2006
    Posted By LinuxSecurity Advisories
    Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses astring escaped with mysql_real_escape() which could lead to SQL injection. This problem does only exist in versions 4.1 and 5.0.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1092-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    June 8th, 2006                
    - --------------------------------------------------------------------------
    Package        : mysql-dfsg-4.1
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-2753
    BugTraq ID     : 18219
    Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL
    database, incorrectly parses astring escaped with mysql_real_escape()
    which could lead to SQL injection.  This problem does only exist in
    versions 4.1 and 5.0.
    The old stable distribution (woody) is not affected by this problem.
    For the stable distribution (sarge) this problem has been fixed in
    version 4.1.11a-4sarge4.
    For the unstable distribution (sid) this problem has been fixed in
    version 5.0.21-4.
    Version 4.0 in the stable distribution (sarge) is also not affected by
    this problem.
    We recommend that you upgrade your mysql packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:     1021 af71d3e6da11441dfd8ed93c20ca8729
          Size/MD5 checksum:   167558 438fd6709d74cb614901d0ea9a965745
          Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3
      Architecture independent components:
          Size/MD5 checksum:    36302 abaa8025885618451c598493b41d10bb
      Alpha architecture:
          Size/MD5 checksum:  1590578 754d9c9d253ba8488ee66efc92dcb1ca
          Size/MD5 checksum:  7965338 b623f43445b37b8af9f91c09ed31d4ae
          Size/MD5 checksum:  1000754 32ed105998bb4a23d52d861fac54e840
          Size/MD5 checksum: 17488018 d3cda036d9920c18de5849ab3dc024c8
      AMD64 architecture:
          Size/MD5 checksum:  1451828 06f3945b95051a12f9f155a268094dcf
          Size/MD5 checksum:  5551444 3663f19adb6b38a61682619ef19cfbc8
          Size/MD5 checksum:   849336 42c8d15b1329e901a845dc74626a0f3e
          Size/MD5 checksum: 14711198 aa976778d4cfdbfaab96fe4bcbeb8cb5
      ARM architecture:
          Size/MD5 checksum:  1388714 4786d6136ff3d5d9d4258754eb64b356
          Size/MD5 checksum:  5558586 796c478d90a750e0a577434512fdaeb6
          Size/MD5 checksum:   836542 d62795e99b44d319626c15446c962d44
          Size/MD5 checksum: 14557476 ac7a7d39805b00b27872cdc339f688d5
      Intel IA-32 architecture:
          Size/MD5 checksum:  1417826 f8d012cb6a85554c0d94bfcac7f78791
          Size/MD5 checksum:  5643870 d02bb09d6cb1ba6b8014055eec3fc3be
          Size/MD5 checksum:   830518 f603306a8fec1c63b6e3ecc17107bd98
          Size/MD5 checksum: 14558102 591c67e79d72dd63e02dc166d0cb5300
      Intel IA-64 architecture:
          Size/MD5 checksum:  1713084 09db38b7f9ff3567ef4d4ccc4c46ae3f
          Size/MD5 checksum:  7782286 0c75c782e7873a327d69421933f36732
          Size/MD5 checksum:  1050436 91bf76af1e2d978eb5472ddb84031bf1
          Size/MD5 checksum: 18475506 7d96940c7e7a0623de3702651cf8c8a2
      HP Precision architecture:
          Size/MD5 checksum:  1550998 e4c6ae38e9a5dc7aae7cc15dff9bc0c0
          Size/MD5 checksum:  6249966 91443fde830a3cbb343849afd6a2d0d8
          Size/MD5 checksum:   909886 3ed733077d25aefe18bcf1cc21ad2215
          Size/MD5 checksum: 15790412 bb7a33201295e66224bf4c491f0c56b9
      Motorola 680x0 architecture:
          Size/MD5 checksum:  1397768 e3c536ac8323986b4165abe26928f36f
          Size/MD5 checksum:  5283732 bb01937d6e79d23947a89312cf160aa6
          Size/MD5 checksum:   803692 2613a1adb8174a24efa485ade794db85
          Size/MD5 checksum: 14071656 677a2a213c3fb5fe363f76625fe5e1c7
      Big endian MIPS architecture:
          Size/MD5 checksum:  1478750 48583310a2c865cc938566c6cd08a824
          Size/MD5 checksum:  6052854 dad954fb5c1cd13ad73cfd21c2819e5f
          Size/MD5 checksum:   904326 44f8ae166e7b30694eaad583eba40666
          Size/MD5 checksum: 15409878 5180ef322b2f6d4aa7dcc4fd60a521d4
      Little endian MIPS architecture:
          Size/MD5 checksum:  1446178 bd5a7f2d224da45b1e24a6a23038744f
          Size/MD5 checksum:  5971330 bedb92b0edc6e18dc83e504690c863c6
          Size/MD5 checksum:   889962 c75f34bfc318ac4cca4c04cd0bbe2c10
          Size/MD5 checksum: 15105354 e8100b4c7ba1de3c9e3b1afbaac0b825
      PowerPC architecture:
          Size/MD5 checksum:  1476650 035fa1c4995fbc57d9b7ee6e20e85fde
          Size/MD5 checksum:  6027482 98a9b182121a9747a0e6e9c8ef1531b2
          Size/MD5 checksum:   907256 c8a0e5668a15b68aff1c108e7fc6afad
          Size/MD5 checksum: 15402696 3e020285d43a361111278d558d95bd6d
      IBM S/390 architecture:
          Size/MD5 checksum:  1538332 604b1be5b4ca49165113d200cd3415c0
          Size/MD5 checksum:  5461442 b5b4bfa92a5c7d4269238a00fc320057
          Size/MD5 checksum:   884106 c1c2e15c37217bcbf96dfff23f19d5ab
          Size/MD5 checksum: 15055316 2fe79ed0e0242a75f4ecb016d39e491d
      Sun Sparc architecture:
          Size/MD5 checksum:  1460442 72b9ef109c9ef1951d8002b1dbe72735
          Size/MD5 checksum:  6207904 dd3e6e35dab09a603344a36b28916514
          Size/MD5 checksum:   868066 0cec4df9b02b3550fdf4a7c5f35af51b
          Size/MD5 checksum: 15391878 8f056ef97deef926d4b1ff843f762ced
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.