Linux Security
Linux Security
Linux Security

Debian: New MySQL 4.1 packages fix SQL injection

Date 08 Jun 2006
Posted By LinuxSecurity Advisories
Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses astring escaped with mysql_real_escape() which could lead to SQL injection. This problem does only exist in versions 4.1 and 5.0.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1092-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
June 8th, 2006                
- --------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2753
BugTraq ID     : 18219

Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL
database, incorrectly parses astring escaped with mysql_real_escape()
which could lead to SQL injection.  This problem does only exist in
versions 4.1 and 5.0.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 4.1.11a-4sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 5.0.21-4.

Version 4.0 in the stable distribution (sarge) is also not affected by
this problem.

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1021 af71d3e6da11441dfd8ed93c20ca8729
      Size/MD5 checksum:   167558 438fd6709d74cb614901d0ea9a965745
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

  Architecture independent components:
      Size/MD5 checksum:    36302 abaa8025885618451c598493b41d10bb

  Alpha architecture:
      Size/MD5 checksum:  1590578 754d9c9d253ba8488ee66efc92dcb1ca
      Size/MD5 checksum:  7965338 b623f43445b37b8af9f91c09ed31d4ae
      Size/MD5 checksum:  1000754 32ed105998bb4a23d52d861fac54e840
      Size/MD5 checksum: 17488018 d3cda036d9920c18de5849ab3dc024c8

  AMD64 architecture:
      Size/MD5 checksum:  1451828 06f3945b95051a12f9f155a268094dcf
      Size/MD5 checksum:  5551444 3663f19adb6b38a61682619ef19cfbc8
      Size/MD5 checksum:   849336 42c8d15b1329e901a845dc74626a0f3e
      Size/MD5 checksum: 14711198 aa976778d4cfdbfaab96fe4bcbeb8cb5

  ARM architecture:
      Size/MD5 checksum:  1388714 4786d6136ff3d5d9d4258754eb64b356
      Size/MD5 checksum:  5558586 796c478d90a750e0a577434512fdaeb6
      Size/MD5 checksum:   836542 d62795e99b44d319626c15446c962d44
      Size/MD5 checksum: 14557476 ac7a7d39805b00b27872cdc339f688d5

  Intel IA-32 architecture:
      Size/MD5 checksum:  1417826 f8d012cb6a85554c0d94bfcac7f78791
      Size/MD5 checksum:  5643870 d02bb09d6cb1ba6b8014055eec3fc3be
      Size/MD5 checksum:   830518 f603306a8fec1c63b6e3ecc17107bd98
      Size/MD5 checksum: 14558102 591c67e79d72dd63e02dc166d0cb5300

  Intel IA-64 architecture:
      Size/MD5 checksum:  1713084 09db38b7f9ff3567ef4d4ccc4c46ae3f
      Size/MD5 checksum:  7782286 0c75c782e7873a327d69421933f36732
      Size/MD5 checksum:  1050436 91bf76af1e2d978eb5472ddb84031bf1
      Size/MD5 checksum: 18475506 7d96940c7e7a0623de3702651cf8c8a2

  HP Precision architecture:
      Size/MD5 checksum:  1550998 e4c6ae38e9a5dc7aae7cc15dff9bc0c0
      Size/MD5 checksum:  6249966 91443fde830a3cbb343849afd6a2d0d8
      Size/MD5 checksum:   909886 3ed733077d25aefe18bcf1cc21ad2215
      Size/MD5 checksum: 15790412 bb7a33201295e66224bf4c491f0c56b9

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1397768 e3c536ac8323986b4165abe26928f36f
      Size/MD5 checksum:  5283732 bb01937d6e79d23947a89312cf160aa6
      Size/MD5 checksum:   803692 2613a1adb8174a24efa485ade794db85
      Size/MD5 checksum: 14071656 677a2a213c3fb5fe363f76625fe5e1c7

  Big endian MIPS architecture:
      Size/MD5 checksum:  1478750 48583310a2c865cc938566c6cd08a824
      Size/MD5 checksum:  6052854 dad954fb5c1cd13ad73cfd21c2819e5f
      Size/MD5 checksum:   904326 44f8ae166e7b30694eaad583eba40666
      Size/MD5 checksum: 15409878 5180ef322b2f6d4aa7dcc4fd60a521d4

  Little endian MIPS architecture:
      Size/MD5 checksum:  1446178 bd5a7f2d224da45b1e24a6a23038744f
      Size/MD5 checksum:  5971330 bedb92b0edc6e18dc83e504690c863c6
      Size/MD5 checksum:   889962 c75f34bfc318ac4cca4c04cd0bbe2c10
      Size/MD5 checksum: 15105354 e8100b4c7ba1de3c9e3b1afbaac0b825

  PowerPC architecture:
      Size/MD5 checksum:  1476650 035fa1c4995fbc57d9b7ee6e20e85fde
      Size/MD5 checksum:  6027482 98a9b182121a9747a0e6e9c8ef1531b2
      Size/MD5 checksum:   907256 c8a0e5668a15b68aff1c108e7fc6afad
      Size/MD5 checksum: 15402696 3e020285d43a361111278d558d95bd6d

  IBM S/390 architecture:
      Size/MD5 checksum:  1538332 604b1be5b4ca49165113d200cd3415c0
      Size/MD5 checksum:  5461442 b5b4bfa92a5c7d4269238a00fc320057
      Size/MD5 checksum:   884106 c1c2e15c37217bcbf96dfff23f19d5ab
      Size/MD5 checksum: 15055316 2fe79ed0e0242a75f4ecb016d39e491d

  Sun Sparc architecture:
      Size/MD5 checksum:  1460442 72b9ef109c9ef1951d8002b1dbe72735
      Size/MD5 checksum:  6207904 dd3e6e35dab09a603344a36b28916514
      Size/MD5 checksum:   868066 0cec4df9b02b3550fdf4a7c5f35af51b
      Size/MD5 checksum: 15391878 8f056ef97deef926d4b1ff843f762ced

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":83.67,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.16,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8.16,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.