Linux Security
Linux Security
Linux Security

Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution

Date 30 Sep 2005
Posted By Joe Shakespeare
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 833-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
October 1st, 2005             
- --------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2558
BugTraq ID     : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field.  The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix explains which version of MySQL in
which distribution has this problem fixed:

                     woody              sarge              sid
mysql             3.23.49-8.14           n/a               n/a
mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3

We recommend that you upgrade your mysql-dfsg-4.1 packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1021 ef5b7f754fd69c6ddf96185a9ea99d8c
      Size/MD5 checksum:   163217 c22faa82cad1a38568146d03a316b4c3
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

  Architecture independent components:
      Size/MD5 checksum:    35758 f4c17c57aaed4aba0d06b22391a443ff

  Alpha architecture:
      Size/MD5 checksum:  1589626 326e06854e8cc7b4df3ca853a8776e6f
      Size/MD5 checksum:  7963496 4da7672c7e6ce497cc6c2b72c2438c5f
      Size/MD5 checksum:  1000022 a8edacbc3c87b781c4aae6772c42f2c9
      Size/MD5 checksum: 17484824 d0e8f9bfebd9c492d0ed336c236050ad

  AMD64 architecture:
      Size/MD5 checksum:  1450438 8e3eca09ae3044bc15d7332a97eaadb3
      Size/MD5 checksum:  5549144 3b9308fd3c89158b20ae75ab4835d333
      Size/MD5 checksum:   848676 0cdc8e7e48e1821fcbab39aee1c6b22b
      Size/MD5 checksum: 14709814 b602e0bff5fda27efbc2bf52c0b46e32

  ARM architecture:
      Size/MD5 checksum:  1388184 ba83a61338a7b6198754c22e134bdabd
      Size/MD5 checksum:  5557760 54ac64644fe2897b5c2554f5332bf402
      Size/MD5 checksum:   835900 a29f9b8bfe41d70e24cb6eef94b43bc9
      Size/MD5 checksum: 14555832 a482f115a2f27abee4ad2a79dfbd6cd1

  Intel IA-32 architecture:
      Size/MD5 checksum:  1416570 e49242dae5f45b947a47ea1fe728d128
      Size/MD5 checksum:  5641688 b3eb7e254df56c09ada9c1fa61fab946
      Size/MD5 checksum:   829688 f3cdde3f2a6698f394ba0edfdbd29446
      Size/MD5 checksum: 14556498 45421b845326a2e40a720dc44b64985d

  Intel IA-64 architecture:
      Size/MD5 checksum:  1711912 475cfa72891c402d1c948be09e6a98f7
      Size/MD5 checksum:  7780996 03bd4ba1db9460ef9d9be5b01d880453
      Size/MD5 checksum:  1049796 b8253e96506666bc4a3b659994bdd48a
      Size/MD5 checksum: 18474740 4a483fc2350bda7a6eb2599c7fbf9e0d

  HP Precision architecture:
      Size/MD5 checksum:  1550304 aadb8f7fbda0ef84b8afcf7baf76dffb
      Size/MD5 checksum:  6249354 21f0e228f658552c1ecb4d05975e3921
      Size/MD5 checksum:   909194 235968a78d019efc6be2e1df68fb4cb3
      Size/MD5 checksum: 15786932 aee2e68c3f7938d0ba7292289f032bda

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1396882 3ef005165d935a0089c42b9dca782125
      Size/MD5 checksum:  5282906 9becdb0b18c3c42b5211739e9f5f5f46
      Size/MD5 checksum:   803022 43eb1fdfe29144e10d1730f1dcc45507
      Size/MD5 checksum: 14070110 51c9d88be73414000742c7c2961307a1

  Big endian MIPS architecture:
      Size/MD5 checksum:  1477766 fb7a8d1fb9d4607d7172c36032ebcbbb
      Size/MD5 checksum:  6051760 6e97430bc9b02e866e04414e627f9f4c
      Size/MD5 checksum:   903542 f99636d7c17d9b9647c34d3dd3379c2d
      Size/MD5 checksum: 15407442 36eaf9d65e7c4dcaeff920389c6bd890

  Little endian MIPS architecture:
      Size/MD5 checksum:  1445350 539eadf9ac7e9b384825c944759ec6b4
      Size/MD5 checksum:  5969562 bdf9697878b6a439d079528660a67fbc
      Size/MD5 checksum:   889260 07d1f0071ce62ce433c9c924544fe5fc
      Size/MD5 checksum: 15103284 5be83f139ae6ac41ffad5a2a7a52ce49

  PowerPC architecture:
      Size/MD5 checksum:  1475432 2fc2f711fd16172952db58a59c17f9cb
      Size/MD5 checksum:  6025146 f230533abfce5f92e7ee95d0966ea984
      Size/MD5 checksum:   906432 d566b964257453976d7c36e309b705de
      Size/MD5 checksum: 15402508 dc78398b45128bc2d2f6881427ff044d

  IBM S/390 architecture:
      Size/MD5 checksum:  1537572 fc84f1f6e3f72bf3e62ae6d09fd29ed5
      Size/MD5 checksum:  5460800 94db267d9e373a8490a0067257ae14a4
      Size/MD5 checksum:   883408 9f613cb6264d5fd7da0c216301e34af1
      Size/MD5 checksum: 15053922 3d90c52ba65c7550da1558bb7d5ab346

  Sun Sparc architecture:
      Size/MD5 checksum:  1459496 478640727168f01c3832f53ada90b8d9
      Size/MD5 checksum:  6205444 427316f73787f388a361c76124e59cb5
      Size/MD5 checksum:   867394 9e2217f00d72fa652b5e45fae5829eb8
      Size/MD5 checksum: 15390434 e79df4002a1dfb61f2253030e8cb1033

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.