Linux Security

    Debian: New mysql packages fix insecure temporary file

    Date 23 Aug 2005
    Posted By LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 783-1
    https://www.debian.org/security/                             Martin Schulze
    August 24th, 2005                       https://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : mysql-dfsg-4.1
    Vulnerability  : insecure temporary file
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-1636
    BugTraq ID     : 13660
    Debian Bug     : 319526
    
    Eric Romang discovered a temporary file vulnerability in a script
    shipped with MySQL, a popular database, that allows an attacker to
    execute arbitrary SQL commands when the server is installed or
    updated.
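
The advisory does not describe the script's internals. As an added illustration of the bug class it names (not code from MySQL or Debian), the sketch below contrasts a predictably named temporary file with one created through `mktemp`, plus a check an installer can run before staged SQL is fed to the server. All function and file names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function and file names are hypothetical.

# Risky: PID-derived name that other local users can predict, created
# through a plain redirect under an ordinary umask (mode 0644 here).
stage_sql_predictable() {          # $1 = directory, $2 = SQL text
    p="$1/install_db.$$"
    ( umask 022; printf '%s\n' "$2" > "$p" )
    printf '%s\n' "$p"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so nobody else can pre-create or edit it.
stage_sql_private() {              # $1 = directory, $2 = SQL text
    q=$(mktemp "$1/install_db.XXXXXX") || return 1
    printf '%s\n' "$2" > "$q"
    printf '%s\n' "$q"
}

# Gate to run before staged SQL is fed to the server: regular file,
# not a symlink, owned by the caller, readable and writable by owner only.
tmpfile_is_private() {             # $1 = path
    [ ! -L "$1" ] && [ -f "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed demo: stage the same statement both ways and report.
demo_dir=$(mktemp -d)
for staged in "$(stage_sql_predictable "$demo_dir" 'SELECT 1;')" \
              "$(stage_sql_private "$demo_dir" 'SELECT 1;')"; do
    if tmpfile_is_private "$staged"; then
        echo "private: $staged"
    else
        echo "exposed: $staged"
    fi
done
rm -rf "$demo_dir"
```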
    
    The old stable distribution (woody) as well as mysql-dfsg are not
    affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 4.1_4.1.11a-4sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 4.1.12 for mysql-dfsg-4.1 and 5.0.11beta-3 of mysql-dfsg-5.0.
    
    We recommend that you upgrade your mysql packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main