
remove



remove

Martin Schulze wrote:

> --------------------------------------------------------------------------
> Debian Security Advisory DSA 707-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> April 13th, 2005                        http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : mysql
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0957
> BugTraq ID     : 12781
> Debian Bug     : 285276 296674 300158
>
> Several vulnerabilities have been discovered in MySQL, a popular
> database.  The Common Vulnerabilities and Exposures project identifies
> the following problems:
>
> CAN-2004-0957
>
>     Sergei Golubchik discovered a problem in the access handling for
>     similarly named databases.  If a user is granted privileges to a
>     database with a name containing an underscore ("_"), the user also
>     gains privileges to other databases with similar names.
>
> CAN-2005-0709
>
>     Stefano Di Paola discovered that MySQL allows remote
>     authenticated users with INSERT and DELETE privileges to execute
>     arbitrary code by using CREATE FUNCTION to access libc calls.
>
> CAN-2005-0710
>
>     Stefano Di Paola discovered that MySQL allows remote authenticated
>     users with INSERT and DELETE privileges to bypass library path
>     restrictions and execute arbitrary libraries by using INSERT INTO
>     to modify the mysql.func table.
>
> CAN-2005-0711
>
>    Stefano Di Paola discovered that MySQL uses predictable file names
>    when creating temporary tables, which allows local users with
>    CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via
>    a symlink attack.
>
> For the stable distribution (woody) these problems have been fixed in
> version 3.23.49-8.11.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of
> mysql-dfsg-4.1.
>
> We recommend that you upgrade your mysql packages.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
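
An added example, not part of the advisory or of MySQL's code: an audit for the kind of name overlap CAN-2004-0957 concerns. MySQL treats an unescaped "_" (one character) or "%" (any run) in the database name of a database-level grant as a wildcard, and "\_" as a literal underscore. The user names, database names and grant rows below are constructed, and matching is assumed to be case-sensitive.

```python
import re

def grant_pattern_to_regex(db_pattern):
    """Translate a database-level grant pattern into a regex.

    Unescaped '_' matches exactly one character, unescaped '%' matches any
    run of characters, and '\\_' / '\\%' are literal characters.
    """
    parts, i = [], 0
    while i < len(db_pattern):
        ch = db_pattern[i]
        if ch == "\\" and i + 1 < len(db_pattern) and db_pattern[i + 1] in "_%":
            parts.append(re.escape(db_pattern[i + 1]))  # escaped: literal
            i += 2
            continue
        parts.append("." if ch == "_" else ".*" if ch == "%" else re.escape(ch))
        i += 1
    return re.compile("".join(parts), re.DOTALL)

def literal_name(db_pattern):
    """The single database the grant names once escapes are removed."""
    return re.sub(r"\\([_%])", r"\1", db_pattern)

def audit_grants(grants, databases):
    """Return (user, pattern, extra_dbs) for grants that reach other databases."""
    findings = []
    for user, pattern in grants:
        rx = grant_pattern_to_regex(pattern)
        intended = literal_name(pattern)
        extra = sorted(d for d in databases if rx.fullmatch(d) and d != intended)
        if extra:
            findings.append((user, pattern, extra))
    return findings

# Constructed inventory: database names on the server and (user, Db) grant rows.
DATABASES = ["shop_dev", "shopXdev", "shop1dev", "shop_prod", "hr_data", "hr-data"]
GRANTS = [
    ("alice", "shop_dev"),    # unescaped underscore: also covers shopXdev, shop1dev
    ("bob", "shop\\_dev"),    # escaped underscore: covers shop_dev only
    ("carol", "hr_data"),     # unescaped underscore: also covers hr-data
]

if __name__ == "__main__":
    for user, pattern, extra in audit_grants(GRANTS, DATABASES):
        print(f"{user}: grant on {pattern!r} also covers {', '.join(extra)}")
```
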


