Linux Security
Linux Security
Linux Security

Debian: New mysql packages fix arbitrary code execution

Date 29 Sep 2005
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 829-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
September 30, 2005            
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2558
BugTraq ID     : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field.  The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                     woody              sarge              sid
mysql             3.23.49-8.14           n/a               n/a
mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      877 6c46a2c935eb285140da38fe19a93382
      Size/MD5 checksum:    85549 ebd8c30055708a455cb4ccd064a931f5
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:
      Size/MD5 checksum:    18490 0663194884fd4c4d066bac4a6df5f0e3
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:
      Size/MD5 checksum:   279812 5fc369c5e55b75b54f1f96600efc7611
      Size/MD5 checksum:   781182 06317a1507de6299aa2f7af79e1c47b7
      Size/MD5 checksum:   165206 f8f3a7c3f5b93be123648f61ef7d3e42
      Size/MD5 checksum:  3637322 7e0dcbe056038813b79059209109c817

  ARM architecture:
      Size/MD5 checksum:   240302 f38ae36e250a08516e84d74b5933da3c
      Size/MD5 checksum:   636894 ee11f194944a0944ee69f282ef93a6db
      Size/MD5 checksum:   125556 63e9a21903d558aa31872c96b5b0a9f2
      Size/MD5 checksum:  2809136 6b7eb832b271f2e9e1bc0da437e77517

  Intel IA-32 architecture:
      Size/MD5 checksum:   236462 a88ca1a9117992e7612f67ac3c5e233b
      Size/MD5 checksum:   578470 8498436d79a3c4e0a21430c1a936f3f3
      Size/MD5 checksum:   124152 f00a5007b19df61d50f462bbf2b16eab
      Size/MD5 checksum:  2802684 0c7ae03086a6fb616f25d11a12f59dd3

  Intel IA-64 architecture:
      Size/MD5 checksum:   317096 8fd6cc4430b0be71e8e3e29653d1c385
      Size/MD5 checksum:   850834 25ee3b8c128001bc812b07106bca1919
      Size/MD5 checksum:   175374 33057b4bd48a10afeed341bc5326df2d
      Size/MD5 checksum:  4001596 c2553b10eaa03c0086cd045c6645fa21

  HP Precision architecture:
      Size/MD5 checksum:   282714 a4beafeb9dbef09d855fbbae69593a9a
      Size/MD5 checksum:   746106 da172b65b2476554fda7f76d23b2ddf8
      Size/MD5 checksum:   142182 310f0ef1682301e22c49004db4dccaa6
      Size/MD5 checksum:  3516838 bdd5466d02128d767ec9e95259d0c478

  Motorola 680x0 architecture:
      Size/MD5 checksum:   229626 11819aa106d97c216a58992d38741384
      Size/MD5 checksum:   559644 dda615853fac6ff347c2c28f34a8ad89
      Size/MD5 checksum:   119980 83773f99d401e676f524d31afc98cf0f
      Size/MD5 checksum:  2649554 812c67dd1714acc49437c3d103a58fcf

  Big endian MIPS architecture:
      Size/MD5 checksum:   252912 f4a651db3d6d21e85e8a2ba1b90c71bd
      Size/MD5 checksum:   691086 1d8b5a6120ab33e263b798fbde56cd0d
      Size/MD5 checksum:   135446 14cf2bf322b0c4d97169a48b3c465088
      Size/MD5 checksum:  2851490 34c1dcf229f22b27f10881e7d178eff8

  Little endian MIPS architecture:
      Size/MD5 checksum:   252578 b30b1e6efcb6d814fc2f54ce01cbcbc2
      Size/MD5 checksum:   690538 0f3486135c2a9e7e2b6d539b747337a1
      Size/MD5 checksum:   135810 0a1f0808bcd847205c617f933da7ae4d
      Size/MD5 checksum:  2841096 7b75481f884758f16477c86a51bb37ae

  PowerPC architecture:
      Size/MD5 checksum:   249676 df2ce297450c8f6e6d9d485a5ac70b66
      Size/MD5 checksum:   654774 57850699654d9c713333db713e321ec1
      Size/MD5 checksum:   131016 3002fb27dc21450f4f705979d34e6664
      Size/MD5 checksum:  2826176 1becf085f621b056169693d408ad3f8c

  IBM S/390 architecture:
      Size/MD5 checksum:   251944 213455557dab1e21a6b8661b7fae0969
      Size/MD5 checksum:   609592 aac39e06ea9ecb31ce0dc03805e6b47c
      Size/MD5 checksum:   127992 69903a71808830e2b1fbc9b304810414
      Size/MD5 checksum:  2693968 2b41561b8d7c13db5c312a55e770f8e9

  Sun Sparc architecture:
      Size/MD5 checksum:   242884 6f2d616af8bc5830005f2991e93ef74f
      Size/MD5 checksum:   617996 314067541e885567bc9ba26207da7b09
      Size/MD5 checksum:   131984 2f8bdb7ec1d0069bca126cbccd64e858
      Size/MD5 checksum:  2943010 ce1e2eb8aac0dd21d1ffd5c05f8355f8

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.