Linux Security
    Linux Security
    Linux Security

    Debian: New mysql packages fix arbitrary code execution

    Date 29 Sep 2005
    Posted By LinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 829-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    September 30, 2005            
    - --------------------------------------------------------------------------
    Package        : mysql
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-2558
    BugTraq ID     : 14509
    A stack-based buffer overflow in the init_syms function of MySQL, a
    popular database, has been discovered that allows remote authenticated
    users who can create user-defined functions to execute arbitrary code
    via a long function_name field.  The ability to create user-defined
    functions is not typically granted to untrusted users.
    The following vulnerability matrix shows which version of MySQL in
    which distribution has this problem fixed:
                         woody              sarge              sid
    mysql             3.23.49-8.14           n/a               n/a
    mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
    mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
    mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3
    We recommend that you upgrade your mysql packages.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      877 6c46a2c935eb285140da38fe19a93382
          Size/MD5 checksum:    85549 ebd8c30055708a455cb4ccd064a931f5
          Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a
      Architecture independent components:
          Size/MD5 checksum:    18490 0663194884fd4c4d066bac4a6df5f0e3
          Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6
      Alpha architecture:
          Size/MD5 checksum:   279812 5fc369c5e55b75b54f1f96600efc7611
          Size/MD5 checksum:   781182 06317a1507de6299aa2f7af79e1c47b7
          Size/MD5 checksum:   165206 f8f3a7c3f5b93be123648f61ef7d3e42
          Size/MD5 checksum:  3637322 7e0dcbe056038813b79059209109c817
      ARM architecture:
          Size/MD5 checksum:   240302 f38ae36e250a08516e84d74b5933da3c
          Size/MD5 checksum:   636894 ee11f194944a0944ee69f282ef93a6db
          Size/MD5 checksum:   125556 63e9a21903d558aa31872c96b5b0a9f2
          Size/MD5 checksum:  2809136 6b7eb832b271f2e9e1bc0da437e77517
      Intel IA-32 architecture:
          Size/MD5 checksum:   236462 a88ca1a9117992e7612f67ac3c5e233b
          Size/MD5 checksum:   578470 8498436d79a3c4e0a21430c1a936f3f3
          Size/MD5 checksum:   124152 f00a5007b19df61d50f462bbf2b16eab
          Size/MD5 checksum:  2802684 0c7ae03086a6fb616f25d11a12f59dd3
      Intel IA-64 architecture:
          Size/MD5 checksum:   317096 8fd6cc4430b0be71e8e3e29653d1c385
          Size/MD5 checksum:   850834 25ee3b8c128001bc812b07106bca1919
          Size/MD5 checksum:   175374 33057b4bd48a10afeed341bc5326df2d
          Size/MD5 checksum:  4001596 c2553b10eaa03c0086cd045c6645fa21
      HP Precision architecture:
          Size/MD5 checksum:   282714 a4beafeb9dbef09d855fbbae69593a9a
          Size/MD5 checksum:   746106 da172b65b2476554fda7f76d23b2ddf8
          Size/MD5 checksum:   142182 310f0ef1682301e22c49004db4dccaa6
          Size/MD5 checksum:  3516838 bdd5466d02128d767ec9e95259d0c478
      Motorola 680x0 architecture:
          Size/MD5 checksum:   229626 11819aa106d97c216a58992d38741384
          Size/MD5 checksum:   559644 dda615853fac6ff347c2c28f34a8ad89
          Size/MD5 checksum:   119980 83773f99d401e676f524d31afc98cf0f
          Size/MD5 checksum:  2649554 812c67dd1714acc49437c3d103a58fcf
      Big endian MIPS architecture:
          Size/MD5 checksum:   252912 f4a651db3d6d21e85e8a2ba1b90c71bd
          Size/MD5 checksum:   691086 1d8b5a6120ab33e263b798fbde56cd0d
          Size/MD5 checksum:   135446 14cf2bf322b0c4d97169a48b3c465088
          Size/MD5 checksum:  2851490 34c1dcf229f22b27f10881e7d178eff8
      Little endian MIPS architecture:
          Size/MD5 checksum:   252578 b30b1e6efcb6d814fc2f54ce01cbcbc2
          Size/MD5 checksum:   690538 0f3486135c2a9e7e2b6d539b747337a1
          Size/MD5 checksum:   135810 0a1f0808bcd847205c617f933da7ae4d
          Size/MD5 checksum:  2841096 7b75481f884758f16477c86a51bb37ae
      PowerPC architecture:
          Size/MD5 checksum:   249676 df2ce297450c8f6e6d9d485a5ac70b66
          Size/MD5 checksum:   654774 57850699654d9c713333db713e321ec1
          Size/MD5 checksum:   131016 3002fb27dc21450f4f705979d34e6664
          Size/MD5 checksum:  2826176 1becf085f621b056169693d408ad3f8c
      IBM S/390 architecture:
          Size/MD5 checksum:   251944 213455557dab1e21a6b8661b7fae0969
          Size/MD5 checksum:   609592 aac39e06ea9ecb31ce0dc03805e6b47c
          Size/MD5 checksum:   127992 69903a71808830e2b1fbc9b304810414
          Size/MD5 checksum:  2693968 2b41561b8d7c13db5c312a55e770f8e9
      Sun Sparc architecture:
          Size/MD5 checksum:   242884 6f2d616af8bc5830005f2991e93ef74f
          Size/MD5 checksum:   617996 314067541e885567bc9ba26207da7b09
          Size/MD5 checksum:   131984 2f8bdb7ec1d0069bca126cbccd64e858
          Size/MD5 checksum:  2943010 ce1e2eb8aac0dd21d1ffd5c05f8355f8
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


    LinuxSecurity Poll

    No results found.

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.