Linux Security
Linux Security
Linux Security

Debian: New mysql packages fix insecure temporary file

Date 23 Aug 2005
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 783-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
August 24th, 2005             
- --------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1636
BugTraq ID     : 13660
Debian Bug     : 319526

Eric Romang discovered a temporary file vulnerability in a script
accompanied with MySQL, a popular database, that allows an attacker to
execute arbitrary SQL commands when the server is installed or

The old stable distribution (woody) as well as mysql-dfsg are not
affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 4.1_4.1.11a-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 4.1.12 for mysql-dfsg-4.1 and 5.0.11beta-3 of mysql-dfsg-5.0.

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1021 13739557cb2a080e28e4d8b8d3c74b3c
      Size/MD5 checksum:   162785 ebabe63abfbe2c9cf4a56fb9515d99dd
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

  Architecture independent components:
      Size/MD5 checksum:    35642 abfc7caa37c13c6861ec88cf196ef1be

  Alpha architecture:
      Size/MD5 checksum:  1589514 7ef6a2aaa7323251d2367fed743356a9
      Size/MD5 checksum:  7963364 4bb4ee99603b3c0918f9ef4ae8284ae1
      Size/MD5 checksum:   999878 77f29c811d6515c8affffeec74c4bb7f
      Size/MD5 checksum: 17484624 1149856989da8e133f38c3d59d96b30c

  AMD64 architecture:
      Size/MD5 checksum:  1450326 9f45715323978f3f7c7e40267aec2ea4
      Size/MD5 checksum:  5548998 c6365b2f962fc2092e6466c7e2c4b125
      Size/MD5 checksum:   848544 b2584efe95149b344eb3c6205da2368e
      Size/MD5 checksum: 14709540 1b1ca0bae85285d5b385495728f06af2

  ARM architecture:
      Size/MD5 checksum:  1388076 0be4eec4f3929bf0b7964157fa76accc
      Size/MD5 checksum:  5557616 265a5c7293a18ea7f268bbbb4660f0fe
      Size/MD5 checksum:   835746 f8f6416e44435b01068176a1ac98de0f
      Size/MD5 checksum: 14555588 f8922b999f0b2f620853f3239b049fc9

  Intel IA-32 architecture:
      Size/MD5 checksum:  1416468 a8d52b676ff4ff91d413ff9324450036
      Size/MD5 checksum:  5641628 2d20f8b3174a6a9a19121a5e498bd5c9
      Size/MD5 checksum:   829580 1a4df96b603f27f7c2b139c1dd055460
      Size/MD5 checksum: 14556398 fe1c3f25184baab2bb0095b32c77a797

  Intel IA-64 architecture:
      Size/MD5 checksum:  1711768 fda64e2e04286a2fdd67d2e86a905fb0
      Size/MD5 checksum:  7780852 853e3a49046d46af94ceef13ebb51c29
      Size/MD5 checksum:  1049644 b00ce1514972089cf719b85604808bde
      Size/MD5 checksum: 18474664 85e75b5428af17ec8ef0629cf57c321e

  HP Precision architecture:
      Size/MD5 checksum:  1550180 c5dd256372cd9627eb4dbd9582dce728
      Size/MD5 checksum:  6249180 039c8b4f93c713e967d301fea234292e
      Size/MD5 checksum:   909078 94164738f1978a1eadedb4014c38097e
      Size/MD5 checksum: 15786540 bd9c9386dcacf37a1802160c21f87712

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1396690 dfac1efd2c57ee8c1e5c8e3439e439bf
      Size/MD5 checksum:  5282688 ed08875a118d9237d00f3e3011b1dac1
      Size/MD5 checksum:   802834 e5ab7837ea28d267bfe698fee03cbba6
      Size/MD5 checksum: 14069986 f869a37931dfb86519458a9d48747f96

  Big endian MIPS architecture:
      Size/MD5 checksum:  1477766 fb7a8d1fb9d4607d7172c36032ebcbbb
      Size/MD5 checksum:  6051760 6e97430bc9b02e866e04414e627f9f4c
      Size/MD5 checksum:   903542 f99636d7c17d9b9647c34d3dd3379c2d
      Size/MD5 checksum: 15407442 36eaf9d65e7c4dcaeff920389c6bd890

  Little endian MIPS architecture:
      Size/MD5 checksum:  1445230 a850a8ef0b9860fdea3530e9c20ca155
      Size/MD5 checksum:  5969356 4f65edebdd67451ff9f98d350d8de26f
      Size/MD5 checksum:   889146 f7f3a001055f08d94598a0829a76aaf2
      Size/MD5 checksum: 15103070 c204dcfe3af004201336df429d02972f

  PowerPC architecture:
      Size/MD5 checksum:  1475306 a9a981440a13e4da0f3f1eb28df8e178
      Size/MD5 checksum:  6024926 72553153e08c80d0d52a8abc5634c61b
      Size/MD5 checksum:   906294 6952b08aabe467261f3501fe9863d2cf
      Size/MD5 checksum: 15402300 a8052df1923122ec2fd18d5a3aa5c125

  IBM S/390 architecture:
      Size/MD5 checksum:  1537478 d53485497a6fc99eb0186857fc799963
      Size/MD5 checksum:  5460684 2a11f9f50e74053a17679d59ffea44ad
      Size/MD5 checksum:   883270 61d8ef6a6d11ca03c84bf359a004e2e8
      Size/MD5 checksum: 15053878 1a9066f65b02545819ab1fddec62ba71

  Sun Sparc architecture:
      Size/MD5 checksum:  1459386 b801d56ac5282e4316a11c7e231bbac0
      Size/MD5 checksum:  6205406 2cc5c4c174d61bf0f76b5fd9b75055f8
      Size/MD5 checksum:   867260 b8d31122c0c678cd73c1ae2dba158fb0
      Size/MD5 checksum: 15390174 f2ddbee863e67a62792dec779c3a9c2e

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"44","type":"x","order":"1","pct":81.48,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"5","type":"x","order":"2","pct":9.26,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.26,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.