Linux Security
    Linux Security
    Linux Security

    Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution

    Date 30 Sep 2005
    Posted By Joe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 833-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    October 1st, 2005             
    - --------------------------------------------------------------------------
    Package        : mysql-dfsg-4.1
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2558
    BugTraq ID     : 14509
    A stack-based buffer overflow in the init_syms function of MySQL, a
    popular database, has been discovered that allows remote authenticated
    users who can create user-defined functions to execute arbitrary code
    via a long function_name field.  The ability to create user-defined
    functions is not typically granted to untrusted users.
    The following vulnerability matrix explains which version of MySQL in
    which distribution has this problem fixed:
                         woody              sarge              sid
    mysql             3.23.49-8.14           n/a               n/a
    mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
    mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
    mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3
    We recommend that you upgrade your mysql-dfsg-4.1 packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:     1021 ef5b7f754fd69c6ddf96185a9ea99d8c
          Size/MD5 checksum:   163217 c22faa82cad1a38568146d03a316b4c3
          Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3
      Architecture independent components:
          Size/MD5 checksum:    35758 f4c17c57aaed4aba0d06b22391a443ff
      Alpha architecture:
          Size/MD5 checksum:  1589626 326e06854e8cc7b4df3ca853a8776e6f
          Size/MD5 checksum:  7963496 4da7672c7e6ce497cc6c2b72c2438c5f
          Size/MD5 checksum:  1000022 a8edacbc3c87b781c4aae6772c42f2c9
          Size/MD5 checksum: 17484824 d0e8f9bfebd9c492d0ed336c236050ad
      AMD64 architecture:
          Size/MD5 checksum:  1450438 8e3eca09ae3044bc15d7332a97eaadb3
          Size/MD5 checksum:  5549144 3b9308fd3c89158b20ae75ab4835d333
          Size/MD5 checksum:   848676 0cdc8e7e48e1821fcbab39aee1c6b22b
          Size/MD5 checksum: 14709814 b602e0bff5fda27efbc2bf52c0b46e32
      ARM architecture:
          Size/MD5 checksum:  1388184 ba83a61338a7b6198754c22e134bdabd
          Size/MD5 checksum:  5557760 54ac64644fe2897b5c2554f5332bf402
          Size/MD5 checksum:   835900 a29f9b8bfe41d70e24cb6eef94b43bc9
          Size/MD5 checksum: 14555832 a482f115a2f27abee4ad2a79dfbd6cd1
      Intel IA-32 architecture:
          Size/MD5 checksum:  1416570 e49242dae5f45b947a47ea1fe728d128
          Size/MD5 checksum:  5641688 b3eb7e254df56c09ada9c1fa61fab946
          Size/MD5 checksum:   829688 f3cdde3f2a6698f394ba0edfdbd29446
          Size/MD5 checksum: 14556498 45421b845326a2e40a720dc44b64985d
      Intel IA-64 architecture:
          Size/MD5 checksum:  1711912 475cfa72891c402d1c948be09e6a98f7
          Size/MD5 checksum:  7780996 03bd4ba1db9460ef9d9be5b01d880453
          Size/MD5 checksum:  1049796 b8253e96506666bc4a3b659994bdd48a
          Size/MD5 checksum: 18474740 4a483fc2350bda7a6eb2599c7fbf9e0d
      HP Precision architecture:
          Size/MD5 checksum:  1550304 aadb8f7fbda0ef84b8afcf7baf76dffb
          Size/MD5 checksum:  6249354 21f0e228f658552c1ecb4d05975e3921
          Size/MD5 checksum:   909194 235968a78d019efc6be2e1df68fb4cb3
          Size/MD5 checksum: 15786932 aee2e68c3f7938d0ba7292289f032bda
      Motorola 680x0 architecture:
          Size/MD5 checksum:  1396882 3ef005165d935a0089c42b9dca782125
          Size/MD5 checksum:  5282906 9becdb0b18c3c42b5211739e9f5f5f46
          Size/MD5 checksum:   803022 43eb1fdfe29144e10d1730f1dcc45507
          Size/MD5 checksum: 14070110 51c9d88be73414000742c7c2961307a1
      Big endian MIPS architecture:
          Size/MD5 checksum:  1477766 fb7a8d1fb9d4607d7172c36032ebcbbb
          Size/MD5 checksum:  6051760 6e97430bc9b02e866e04414e627f9f4c
          Size/MD5 checksum:   903542 f99636d7c17d9b9647c34d3dd3379c2d
          Size/MD5 checksum: 15407442 36eaf9d65e7c4dcaeff920389c6bd890
      Little endian MIPS architecture:
          Size/MD5 checksum:  1445350 539eadf9ac7e9b384825c944759ec6b4
          Size/MD5 checksum:  5969562 bdf9697878b6a439d079528660a67fbc
          Size/MD5 checksum:   889260 07d1f0071ce62ce433c9c924544fe5fc
          Size/MD5 checksum: 15103284 5be83f139ae6ac41ffad5a2a7a52ce49
      PowerPC architecture:
          Size/MD5 checksum:  1475432 2fc2f711fd16172952db58a59c17f9cb
          Size/MD5 checksum:  6025146 f230533abfce5f92e7ee95d0966ea984
          Size/MD5 checksum:   906432 d566b964257453976d7c36e309b705de
          Size/MD5 checksum: 15402508 dc78398b45128bc2d2f6881427ff044d
      IBM S/390 architecture:
          Size/MD5 checksum:  1537572 fc84f1f6e3f72bf3e62ae6d09fd29ed5
          Size/MD5 checksum:  5460800 94db267d9e373a8490a0067257ae14a4
          Size/MD5 checksum:   883408 9f613cb6264d5fd7da0c216301e34af1
          Size/MD5 checksum: 15053922 3d90c52ba65c7550da1558bb7d5ab346
      Sun Sparc architecture:
          Size/MD5 checksum:  1459496 478640727168f01c3832f53ada90b8d9
          Size/MD5 checksum:  6205444 427316f73787f388a361c76124e59cb5
          Size/MD5 checksum:   867394 9e2217f00d72fa652b5e45fae5829eb8
          Size/MD5 checksum: 15390434 e79df4002a1dfb61f2253030e8cb1033
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.