Linux Security
    Linux Security
    Linux Security

    Debian: New mysql packages fix arbitrary code execution

    Posted By
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 829-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    September 30, 2005            
    - --------------------------------------------------------------------------
    Package        : mysql
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2558
    BugTraq ID     : 14509
    A stack-based buffer overflow in the init_syms function of MySQL, a
    popular database, has been discovered that allows remote authenticated
    users who can create user-defined functions to execute arbitrary code
    via a long function_name field.  The ability to create user-defined
    functions is not typically granted to untrusted users.
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
                         woody              sarge              sid
    mysql             3.23.49-8.14           n/a               n/a
    mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
    mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
    mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3
    We recommend that you upgrade your mysql packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      877 6c46a2c935eb285140da38fe19a93382
          Size/MD5 checksum:    85549 ebd8c30055708a455cb4ccd064a931f5
          Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a
      Architecture independent components:
          Size/MD5 checksum:    18490 0663194884fd4c4d066bac4a6df5f0e3
          Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6
      Alpha architecture:
          Size/MD5 checksum:   279812 5fc369c5e55b75b54f1f96600efc7611
          Size/MD5 checksum:   781182 06317a1507de6299aa2f7af79e1c47b7
          Size/MD5 checksum:   165206 f8f3a7c3f5b93be123648f61ef7d3e42
          Size/MD5 checksum:  3637322 7e0dcbe056038813b79059209109c817
      ARM architecture:
          Size/MD5 checksum:   240302 f38ae36e250a08516e84d74b5933da3c
          Size/MD5 checksum:   636894 ee11f194944a0944ee69f282ef93a6db
          Size/MD5 checksum:   125556 63e9a21903d558aa31872c96b5b0a9f2
          Size/MD5 checksum:  2809136 6b7eb832b271f2e9e1bc0da437e77517
      Intel IA-32 architecture:
          Size/MD5 checksum:   236462 a88ca1a9117992e7612f67ac3c5e233b
          Size/MD5 checksum:   578470 8498436d79a3c4e0a21430c1a936f3f3
          Size/MD5 checksum:   124152 f00a5007b19df61d50f462bbf2b16eab
          Size/MD5 checksum:  2802684 0c7ae03086a6fb616f25d11a12f59dd3
      Intel IA-64 architecture:
          Size/MD5 checksum:   317096 8fd6cc4430b0be71e8e3e29653d1c385
          Size/MD5 checksum:   850834 25ee3b8c128001bc812b07106bca1919
          Size/MD5 checksum:   175374 33057b4bd48a10afeed341bc5326df2d
          Size/MD5 checksum:  4001596 c2553b10eaa03c0086cd045c6645fa21
      HP Precision architecture:
          Size/MD5 checksum:   282714 a4beafeb9dbef09d855fbbae69593a9a
          Size/MD5 checksum:   746106 da172b65b2476554fda7f76d23b2ddf8
          Size/MD5 checksum:   142182 310f0ef1682301e22c49004db4dccaa6
          Size/MD5 checksum:  3516838 bdd5466d02128d767ec9e95259d0c478
      Motorola 680x0 architecture:
          Size/MD5 checksum:   229626 11819aa106d97c216a58992d38741384
          Size/MD5 checksum:   559644 dda615853fac6ff347c2c28f34a8ad89
          Size/MD5 checksum:   119980 83773f99d401e676f524d31afc98cf0f
          Size/MD5 checksum:  2649554 812c67dd1714acc49437c3d103a58fcf
      Big endian MIPS architecture:
          Size/MD5 checksum:   252912 f4a651db3d6d21e85e8a2ba1b90c71bd
          Size/MD5 checksum:   691086 1d8b5a6120ab33e263b798fbde56cd0d
          Size/MD5 checksum:   135446 14cf2bf322b0c4d97169a48b3c465088
          Size/MD5 checksum:  2851490 34c1dcf229f22b27f10881e7d178eff8
      Little endian MIPS architecture:
          Size/MD5 checksum:   252578 b30b1e6efcb6d814fc2f54ce01cbcbc2
          Size/MD5 checksum:   690538 0f3486135c2a9e7e2b6d539b747337a1
          Size/MD5 checksum:   135810 0a1f0808bcd847205c617f933da7ae4d
          Size/MD5 checksum:  2841096 7b75481f884758f16477c86a51bb37ae
      PowerPC architecture:
          Size/MD5 checksum:   249676 df2ce297450c8f6e6d9d485a5ac70b66
          Size/MD5 checksum:   654774 57850699654d9c713333db713e321ec1
          Size/MD5 checksum:   131016 3002fb27dc21450f4f705979d34e6664
          Size/MD5 checksum:  2826176 1becf085f621b056169693d408ad3f8c
      IBM S/390 architecture:
          Size/MD5 checksum:   251944 213455557dab1e21a6b8661b7fae0969
          Size/MD5 checksum:   609592 aac39e06ea9ecb31ce0dc03805e6b47c
          Size/MD5 checksum:   127992 69903a71808830e2b1fbc9b304810414
          Size/MD5 checksum:  2693968 2b41561b8d7c13db5c312a55e770f8e9
      Sun Sparc architecture:
          Size/MD5 checksum:   242884 6f2d616af8bc5830005f2991e93ef74f
          Size/MD5 checksum:   617996 314067541e885567bc9ba26207da7b09
          Size/MD5 checksum:   131984 2f8bdb7ec1d0069bca126cbccd64e858
          Size/MD5 checksum:  2943010 ce1e2eb8aac0dd21d1ffd5c05f8355f8
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    Have you ever used tcpdump for network troubleshooting or debugging?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    [{"id":"125","title":"Yes","votes":"45","type":"x","order":"1","pct":83.33,"resources":[]},{"id":"126","title":"No ","votes":"9","type":"x","order":"2","pct":16.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.