Debian: New mysql-dfsg-5.0 packages fix several

    Date06 Jan 2008
    CategoryDebian
    2580
    Posted ByLinuxSecurity Advisories
    Several local/remote vulnerabilities have been discovered in the MySQL database server. It was discovered that privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced, which might lead to information disclosure. This is only exploitable by authenticated users.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1451-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    January 06, 2008                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : mysql-dfsg-5.0
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-3781 CVE-2007-5969 CVE-2007-6304
    
    Several local/remote vulnerabilities have been discovered in the MySQL
    database server. The Common Vulnerabilities and Exposures project
    identifies the following problems:
    
    CVE-2007-3781
    
        It was discovered that privilege validation for the source table
        of CREATE TABLE LIKE statements was insufficiently enforced, which
        might lead to information disclosure. This is only exploitable by
        authenticated users.
    
    CVE-2007-5969
    
        It was discovered that symbolic links were handled insecurely during
        the creation of tables with DATA DIRECTORY or INDEX DIRECTORY
        statements, which might lead to denial of service by overwriting
        data. This is only exploitable by authenticated users.
    
    CVE-2007-6304
    
        It was discovered that queries to data in a FEDERATED table can
        lead to a crash of the local database server, if the remote server
        returns information with less columns than expected, resulting in
        denial of service.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 5.0.51-1.
    
    For the stable distribution (etch), these problems have been fixed in
    version 5.0.32-7etch4.
    
    The the old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.
    
    We recommend that you upgrade your mysql-dfsg-5.0 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.dsc
        Size/MD5 checksum:     1117 b448b40bc145106d8966508c9fa0c45b
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.diff.gz
        Size/MD5 checksum:   161485 31b9376a42bca78d5ac7fda259aff1ca
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
        Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch4_all.deb
        Size/MD5 checksum:    45454 45ff1308d626044f160a0b3fe89c9a34
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch4_all.deb
        Size/MD5 checksum:    47532 d23b1ed2a3fd2ba381dd200c11c86b31
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch4_all.deb
        Size/MD5 checksum:    53798 517bf124cde29920eb3b24a5adbf435d
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_alpha.deb
        Size/MD5 checksum:  8912516 3983707301e692ba4ee6566f421c173e
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_alpha.deb
        Size/MD5 checksum:  1949958 16c2af9a5dd3f4fd0b67a0bb9d268c13
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_alpha.deb
        Size/MD5 checksum:    47574 7f993fb934a3d889eca00ad7458d201b
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_alpha.deb
        Size/MD5 checksum:  8407960 17c00a7f8e950efb3cf4e83c63f8efa6
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_alpha.deb
        Size/MD5 checksum: 27367792 ed5ec8d7ef2b8476d5271b53a4d20931
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_amd64.deb
        Size/MD5 checksum:  7375976 01018314a32846aeabd3feed31b22135
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_amd64.deb
        Size/MD5 checksum:  1829734 42ab75fdb7d1534041d17e6b74dfb5dc
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_amd64.deb
        Size/MD5 checksum:    47548 6a16b6f6d8b12a924c804e859acd99a0
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_amd64.deb
        Size/MD5 checksum: 25939478 8e23c2e305c1f374074a568f3b84dbd3
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_amd64.deb
        Size/MD5 checksum:  7546720 9d184ca3dd41066d55f11a9ab2c75e11
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_arm.deb
        Size/MD5 checksum:  6928896 28be799c6790473b69d312b78b5cbeb6
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_arm.deb
        Size/MD5 checksum:  1747492 6a3557a1b84ef68463aa172952c42db3
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_arm.deb
        Size/MD5 checksum:    47584 3322d9cfd5e3defbc71985e08fce07ab
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_arm.deb
        Size/MD5 checksum:  7204274 f158e1a4da87a26b0d0dd2fd1ee0702f
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_arm.deb
        Size/MD5 checksum: 25345778 1994637d98c3fe0847a0b319f92a58d8
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_hppa.deb
        Size/MD5 checksum:  1920058 b2999058fa46d18e576cf44cccffbc0a
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_hppa.deb
        Size/MD5 checksum:    47550 2ac205e164e6f4a21982b98482b6ec70
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_hppa.deb
        Size/MD5 checksum:  8004732 50a77fe7efc50639fb79f5c220a9f3c2
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_hppa.deb
        Size/MD5 checksum: 27055306 6efd1c4ffe384cfe9824f90a2e7635b9
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_hppa.deb
        Size/MD5 checksum:  8045346 1f7c6279b669a1513afcffb1c3c9820b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_i386.deb
        Size/MD5 checksum:  6967518 90e037769d009b66b6646e2bd642243b
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_i386.deb
        Size/MD5 checksum:  7190322 6c04a633ab66eb1db06a455eeb373e18
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_i386.deb
        Size/MD5 checksum:    47556 badcb9d2aee69d6d8b71cea1d06567e1
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_i386.deb
        Size/MD5 checksum:  1791490 f12450ac3d0cc9dbaa35d59b85a83180
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_i386.deb
        Size/MD5 checksum: 25229424 4e3a500d94d752e4f9d3e446d39ae88b
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_ia64.deb
        Size/MD5 checksum: 30408484 ba2c4576d79e420139032395137be316
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_ia64.deb
        Size/MD5 checksum:  2114788 2744d8310d333a15fd5ed2cca82cdf02
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_ia64.deb
        Size/MD5 checksum:    47548 03c625c1d32fae4a5afc74a59bc3d0dd
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_ia64.deb
        Size/MD5 checksum: 10341340 99101f3b7ae403da7dfde8d113683455
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_ia64.deb
        Size/MD5 checksum:  9736582 2fc103b7beb1ae8c0fa8e035ecb938fa
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mips.deb
        Size/MD5 checksum:  1835278 5538a105c6cd230b83d3f87ab3bd80bd
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mips.deb
        Size/MD5 checksum: 26339182 742476c64082de4d6fe36a649f5e6b2a
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mips.deb
        Size/MD5 checksum:    47552 3332a7b97502a686f1100baa6efe1839
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mips.deb
        Size/MD5 checksum:  7655706 926e3f17e24bffa92251ab72a5059bcf
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mips.deb
        Size/MD5 checksum:  7748160 85dee0ad842d92b13f1c825698f8f24b
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mipsel.deb
        Size/MD5 checksum:  1788990 d7f4c92c38975ba941f5c99fb5465e52
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mipsel.deb
        Size/MD5 checksum:  7560122 4880263fde3bee027a64e73c3393b64c
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mipsel.deb
        Size/MD5 checksum:    47552 a687e4ca58c343c338ee95e2e3e88c24
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mipsel.deb
        Size/MD5 checksum: 25844698 60de7a718cc33de8d1af0e4efffe9e5d
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mipsel.deb
        Size/MD5 checksum:  7639674 46049fa456a0b401ccec2a81c5587212
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_powerpc.deb
        Size/MD5 checksum: 26163868 af7b2215ce8821b3ed5f05435492e5f4
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_powerpc.deb
        Size/MD5 checksum:    47554 086bce94d2993e7943c995bf1fa097fc
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_powerpc.deb
        Size/MD5 checksum:  1832116 dbfda8d56ffb5a988b6a01eb093e3d57
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_powerpc.deb
        Size/MD5 checksum:  7572800 44021e7ee4f7ceb2bd5f4684a90798dc
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_powerpc.deb
        Size/MD5 checksum:  7511456 da087cf4d448baec46b5057e9bbd8e0f
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_s390.deb
        Size/MD5 checksum: 26763368 031740301ad6f5e15876fbb959a2f937
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_s390.deb
        Size/MD5 checksum:  7412974 0e9611acc3d3ad40ecf2cef21daa35f7
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_s390.deb
        Size/MD5 checksum:  7507600 fc97e1f896237b8a6150e520d9ab21fd
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_s390.deb
        Size/MD5 checksum:    47552 67c7c6cf8236017b8c1cbe134f96ec27
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_s390.deb
        Size/MD5 checksum:  1951428 54c2d83136aa5de7c4aaae7c814817d5
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_sparc.deb
        Size/MD5 checksum:  1797188 668c5eb76297d82fa52df320e89f39c7
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_sparc.deb
        Size/MD5 checksum: 25424640 da894b39ece9c2b0143724a2571207a7
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_sparc.deb
        Size/MD5 checksum:  7152702 311913d32eadfa52c494fe4bbe748cb6
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_sparc.deb
        Size/MD5 checksum:    47550 dcd7f1dbbc566ac28e5abd94978b603c
      http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_sparc.deb
        Size/MD5 checksum:  7013012 2b3ac8be159f956779af823761d72262
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.