Ubuntu: MySQL vulnerabilities USN-671-1

    Date 16 Oct 2006
    6342
    Posted By LinuxSecurity Advisories
    There are multiple vulnerabilities in MySQL. The following CVEIDs have been addressed: CVE-2006-4227 CVE-2006-4031
    =========================================================== 
    Ubuntu Security Notice USN-338-1         September 05, 2006
    mysql-dfsg-5.0 vulnerabilities
    CVE-2006-4031, CVE-2006-4227
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      mysql-server-5.0                         5.0.22-0ubuntu6.06.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Dmitri Lenev discovered that arguments of setuid SQL functions were
    evaluated in the security context of the functions' definer instead of
    its caller. An authenticated user with the privilege to call such a
    function could exploit this to execute arbitrary statements with the
    privileges of the definer of that function. (CVE-2006-4227)
    
    Peter Gulutzan reported a potentially confusing situation of the MERGE
    table engine. If an user creates a merge table, and the administrator
    later revokes privileges on the original table only (without changing
    the privileges on the merge table), that user still has access to the
    data by using the merge table. This is intended behaviour, but might
    be undesirable in some installations; this update introduces a new
    server option "--skip-merge" which disables the MERGE engine
    completely. (CVE-2006-4031)
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.2.diff.gz
          Size/MD5:   125369 93d8d0c3ad971109645ed33738dc4b17
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.2.dsc
          Size/MD5:     1106 541b253aea07ad5282f2684aba12eb69
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
          Size/MD5: 18446645 2b8f36364373461190126817ec872031
    
      Architecture independent packages:
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.2_all.deb
          Size/MD5:    36894 08567e0fbadc46d35ebfa27a31d5b994
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.2_all.deb
          Size/MD5:    39392 2e1b0e1151521015f20a75389ca7dba0
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.2_all.deb
          Size/MD5:    36902 ba9d9e6d9645f36f5ee61cd9208b3de0
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.2_amd64.deb
          Size/MD5:  6725782 c8551554b1374b163b8122d7e08a090a
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.2_amd64.deb
          Size/MD5:  1421776 343e99f256f53c37a9f6f9240a163594
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.2_amd64.deb
          Size/MD5:  6895702 757174f4891714e402bc31287c14b1cd
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.2_amd64.deb
          Size/MD5: 22491142 31641f7b65ecefcb92df5f8ad0f81e12
    
      i386 architecture (x86 compatible Intel/AMD)
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.2_i386.deb
          Size/MD5:  6139348 adf444d4082a3a1526ae3fe78a8796a4
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.2_i386.deb
          Size/MD5:  1382302 31fae9b4b01ef036b1bdf12c71aceda3
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.2_i386.deb
          Size/MD5:  6277978 c4656f594891017951e79f6456802a69
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.2_i386.deb
          Size/MD5: 21347894 674e8c24a30c33fa5ec27b1633833995
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.2_powerpc.deb
          Size/MD5:  6883060 795ed1bf828a08d737ab7603021a5eeb
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.2_powerpc.deb
          Size/MD5:  1462086 72f42656fb322182ed0334a5b1b83a86
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.2_powerpc.deb
          Size/MD5:  6939654 a85d437e56dc649083a3f222cd8d7c1b
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.2_powerpc.deb
          Size/MD5: 22704258 c5fd77b7e16d6f32b7f4cc94a93a7d75
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.2_sparc.deb
          Size/MD5:  6430786 a6c43a2b92b87fe1f7817c625449259d
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.2_sparc.deb
          Size/MD5:  1434196 89c743b174eb4afd5d108fddf6f7d8d6
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.2_sparc.deb
          Size/MD5:  6535922 5d043bec6799cd5e36875d011c4c2456
        https://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.2_sparc.deb
          Size/MD5: 21969284 ea10af49928ae208797d662b216a2e69
    
    --/3yNEOqWowh/8j+e
    Content-Type: application/pgp-signature; name="signature.asc"
    Content-Description: Digital signature
    Content-Disposition: inline
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)
    
    iD8DBQFE/XFfDecnbV4Fd/IRAqEEAJ90gTAjvghqlic90O7np1vxj27A9wCfXdPl
    /Ctk6ESCWC+PNR7F0LimWXY=/zRu
    -----END PGP SIGNATURE-----
    
    --/3yNEOqWowh/8j+e--
    
    
    --==============	

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"23","type":"x","order":"1","pct":95.83,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":4.17,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.