Debian: New mysql-dfsg packages fix arbitrary code execution
September 30, 2005
Update package.
Summary
Severity
- --------------------------------------------------------------------------Debian Security Advisory DSA 831-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 30th, 2005 http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package : mysql-dfsg
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2558
BugTraq ID : 14509
A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field. The ability to create user-defined
functions is not typically granted to untrusted users.
The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:
woody sarge sid
mysql 3.23.49-8.14 n/a n/a
mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1
mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2
mysql-dfsg-5.0 n/a n/a 5.0.11beta-3
We recommend that you upgrade your mysql-dfsg packages.
Upgrade Instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- -------------------------------- Source archives:
Size/MD5 checksum: 958 ef6d09f85e30f4cb28247ed89d89d5fd
Size/MD5 checksum: 96827 2514e42a9185a93ed171330cd3bf7c14
Size/MD5 checksum: 9923794 aed8f335795a359f32492159e3edfaa3
Architecture independent components:
Size/MD5 checksum: 34244 23f7d491ed4414fe5d90ce32e530d73f
Alpha architecture:
Size/MD5 checksum: 355636 8b44cb0bb88c22adaba893b078b42f10
Size/MD5 checksum: 4531206 b7b9e5625d2bfe56eaadb9a70f8bfb7b
Size/MD5 checksum: 520364 1d52718cabe9bb70cae93a5e36454599
Size/MD5 checksum: 4889832 57d389c2a06587003baa0aed6c06327b
AMD64 architecture:
Size/MD5 checksum: 308352 140315ed4f6aa4b65aa55e3ad5c7ee1b
Size/MD5 checksum: 3180962 ea51575440e8843da102eba8abd140d6
Size/MD5 checksum: 433754 9bd7ec85ea59f619b689616f0588ce16
Size/MD5 checksum: 3878564 1393307fc702474aa7b5a4c85b97a3b3
ARM architecture:
Size/MD5 checksum: 287558 14b2b6a42d1ffbf9b9d8196b4cb92ec7
Size/MD5 checksum: 2847506 92528933395360e67b9c16459c8e7463
Size/MD5 checksum: 413850 7b1c3fee0d8528785048b10a79971a81
Size/MD5 checksum: 3481910 f3df2639e7958e7e44253b44d09d55bc
Intel IA-32 architecture:
Size/MD5 checksum: 295858 78a28a891f77a9f57be894f952fa973e
Size/MD5 checksum: 2921040 c9251ef3f0417002b0bfbe0e41c1f917
Size/MD5 checksum: 414914 18a71162305cec909feff698e94b246e
Size/MD5 checksum: 3645680 b1877cc602daf4b3aeffd350ced6f6a7
Intel IA-64 architecture:
Size/MD5 checksum: 394278 96a69d86b656854517f9d26a174455a0
Size/MD5 checksum: 4470346 31db6bbb9312fee00bbdab0a4f221462
Size/MD5 checksum: 562640 9fa06e7846f0eff259883026efeed8ec
Size/MD5 checksum: 5327746 32f25ae659e144171db32db5805a012f
HP Precision architecture:
Size/MD5 checksum: 329136 483c7ce0e6cc9be38114b7374bdb3a86
Size/MD5 checksum: 3312988 38ba97f60138deba6709de1855178962
Size/MD5 checksum: 455874 406ae448090f48e84c3759a09ef9dbe6
Size/MD5 checksum: 3946630 fe55c1fcea57d60fd613382739dfdb53
Motorola 680x0 architecture:
Size/MD5 checksum: 278808 5d02c5949dc53cd1ba299379209cc843
Size/MD5 checksum: 2664322 23697281b84956a8eb85d1c9d4c699c9
Size/MD5 checksum: 390032 8f0b0ee2e57a2414ba4d13544307410c
Size/MD5 checksum: 3292478 9de4afa8cf0a9ddacb037fed370204d9
Big endian MIPS architecture:
Size/MD5 checksum: 313274 d615c5c6b9dbe639f4ba6147d8c42bd7
Size/MD5 checksum: 3180736 13f518e4ae2ef2d41c400beb98eef49d
Size/MD5 checksum: 456936 b6009b864c9bebdd174b7c26a5dbfec4
Size/MD5 checksum: 3812700 c22aa2b9769932e1684048f367a5cdf8
Little endian MIPS architecture:
Size/MD5 checksum: 313104 4a09bd0f0eaf6e029f4feefbfc56cef7
Size/MD5 checksum: 3168654 d78a8b34ddbd1210e3ede8b6dae1a331
Size/MD5 checksum: 456968 d5ca3e5273c080cba900be64b85b649b
Size/MD5 checksum: 3799672 01f7dbca9f571cd8713db0822f1223ba
PowerPC architecture:
Size/MD5 checksum: 314312 41f521c820a1a1244b3dc3df62bf6df1
Size/MD5 checksum: 3182366 751bac1999dd7c670b9b246e1b708c6d
Size/MD5 checksum: 464346 f04232af81e2a38d97a41771e0c46291
Size/MD5 checksum: 3841732 49f8f76954ee2b07597b2db0d807c0b3
IBM S/390 architecture:
Size/MD5 checksum: 323908 dd1bd936d0b694a760f5a8087fd213b9
Size/MD5 checksum: 2829248 4ec90961d9ff068a35b82fe623b946a6
Size/MD5 checksum: 442108 5956843b3beb3705ae2e975c51ad660f
Size/MD5 checksum: 3665078 d688a2d6f5432286c6dadf0b7d040397
Sun Sparc architecture:
Size/MD5 checksum: 303966 86b2d1eba7f57f62f14f7444f0fce6dd
Size/MD5 checksum: 3268272 05d775d35dbb32c64f95805cc44300f5
Size/MD5 checksum: 429692 4e2dfd716672942be7b54b75c624c460
Size/MD5 checksum: 3821202 4d3579a8fdb79d2193172e2710e65a65
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
