RE: [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities

To: <debian-security@lists.debian.org>, <debian-security-announce@lists.debian.org>
Subject: RE: [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
From: Frederic Thery <fred.thery@wanadoo.fr>
Date: Tue, 29 Jan 2008 11:08:13 +0100
Message-id: <[🔎] BAY106-W3658CC8FBEA80D0F0A62AFC6350@phx.gbl>
In-reply-to: <20080128202018.GA3711@galadriel.inutil.org>
References: <20080128202018.GA3711@galadriel.inutil.org>

Hello !

Toujours OK pour ce midi ? on se retrouve à la Défense Caro pour y aller ensemble ?

> Date: Mon, 28 Jan 2008 21:20:18 +0100
> From: jmm@debian.org
> To: debian-security-announce@lists.debian.org
> Subject: [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1478-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 28, 2008 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : mysql-dfsg-5.0
> Vulnerability : buffer overflows
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2008-0226 CVE-2008-0227
>
> Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL
> implementation included in the MySQL database package, which could lead
> to denial of service and possibly the execution of arbitrary code.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 5.0.51-3.
>
> For the stable distribution (etch), these problems have been fixed in
> version 5.0.32-7etch5.
>
> The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.
>
> We recommend that you upgrade your mysql-dfsg-5.0 package.
>
> Upgrade instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian 4.0 (stable)
> - -------------------
>
> Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
> Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz
> Size/MD5 checksum: 165895 05351b7ac0547d3666828c7eba89ee18
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc
> Size/MD5 checksum: 1117 7d6a184cf5bda53d18be88728a0635c4
>
> Architecture independent packages:
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb
> Size/MD5 checksum: 45636 c2d87b9755088b3a67851dc4867a67f8
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb
> Size/MD5 checksum: 47716 5c9311fc2072be8336424c648497303e
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb
> Size/MD5 checksum: 53944 3a16dd0a2c795cf7e906c648844a9779
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb
> Size/MD5 checksum: 8912752 826f18c201582262ee622ed9e470a915
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb
> Size/MD5 checksum: 1950712 47215338ef678adf7ca6f80d9d60613e
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb
> Size/MD5 checksum: 8407802 e6e87a2edaf5f0405473fb3f5c859b3f
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb
> Size/MD5 checksum: 27365718 f83e12f0f36c31b4dbd64ab7b1b6f01d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb
> Size/MD5 checksum: 47748 91489bb86084a9f6026c6156a4a5faa0
>
> amd64 architecture (AMD x86_64 (AMD64))
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb
> Size/MD5 checksum: 7376450 ba1c75fa6963352a0af68c4db08d0c12
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb
> Size/MD5 checksum: 47708 4a3047795b3030063a47c969cfe4c324
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb
> Size/MD5 checksum: 1830910 c24fc179d4fb37994b5af2cb8c405ff1
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb
> Size/MD5 checksum: 25939846 8b0e047de274ed90f69a76f22866561a
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb
> Size/MD5 checksum: 7547346 003c7231b81203a50ec563ff5142a010
>
> arm architecture (ARM)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb
> Size/MD5 checksum: 47756 0145e1aa5ec02b5c60c2d78bbcd334a0
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb
> Size/MD5 checksum: 25345622 2de813c86f1d10fb2df34d8b9de2336e
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb
> Size/MD5 checksum: 6929754 8a6b3351769b567a468bc7dcb97a2141
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb
> Size/MD5 checksum: 7204866 a8f69933d8081e753b76402e47e7a64a
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb
> Size/MD5 checksum: 1747880 8da665b5f04444dcde03321f24ca8e4b
>
> hppa architecture (HP PA RISC)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb
> Size/MD5 checksum: 1920486 cb9a2e86902dc3f174926fbd8397a969
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb
> Size/MD5 checksum: 8046116 1eb6b1199a2c0f6a8502008a2c6df376
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb
> Size/MD5 checksum: 27055710 085b261bf2ec3820e21ec73bb59f6caa
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb
> Size/MD5 checksum: 47708 c17ca051ebe8783fa120c4596e32d9c2
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb
> Size/MD5 checksum: 8003914 59650ba346b2af0d77afbac64e93cca8
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb
> Size/MD5 checksum: 25370152 d615311235c5a9e6d85e7e77b4927d5d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb
> Size/MD5 checksum: 47746 1040540bc74e34b67d9606a4368162a7
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb
> Size/MD5 checksum: 6971870 90aae8d289cb3df24009c65b1af3b12d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb
> Size/MD5 checksum: 7189880 6082aa213539a361cced40044161d108
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb
> Size/MD5 checksum: 1793974 ab7cbdd14a9bff04066a865634ef1ce2
>
> ia64 architecture (Intel ia64)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb
> Size/MD5 checksum: 9736902 1e93082931f1055cd4c1436caa0020f3
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb
> Size/MD5 checksum: 47710 3369d882bf2b99a05397aaeddf8bf864
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb
> Size/MD5 checksum: 2115340 472e412113e7ae0bb76853cf0167cd57
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb
> Size/MD5 checksum: 30408810 8c8982aae5e90c451b08f22bc2a5399d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb
> Size/MD5 checksum: 10341648 a5ef1b86109c465131ccfe5a9147bd74
>
> mips architecture (MIPS (Big Endian))
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb
> Size/MD5 checksum: 7655576 b92c42fbbd64a377fcc4277a1696ccdd
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb
> Size/MD5 checksum: 1835994 2650808f606406336f55b31497bea015
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb
> Size/MD5 checksum: 7749018 db3eb1fb41084f7cda145ecc1f808402
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb
> Size/MD5 checksum: 47710 698fd659ef265c937dd045cfb2e9e28a
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb
> Size/MD5 checksum: 26338840 89c569b544aeb60ce6aae1c77d40965e
>
> mipsel architecture (MIPS (Little Endian))
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb
> Size/MD5 checksum: 1789510 2501eed6aaa7143a89f13e4bd9658ecf
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb
> Size/MD5 checksum: 47718 ed3dc0fc53b78b2307dc4790ff82a174
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb
> Size/MD5 checksum: 7640356 5417137e8b9632964ea0d67e8cd96416
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb
> Size/MD5 checksum: 25845474 d379d4a5f900202d6244858d379aa46a
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb
> Size/MD5 checksum: 7561164 31fa1242af6a762a92486aa327469d1f
>
> powerpc architecture (PowerPC)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb
> Size/MD5 checksum: 1832312 c6ab2b2c70aed56a7748eb0a5dd04c8c
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb
> Size/MD5 checksum: 7573184 f43fb3a11284830b745346775073f92d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb
> Size/MD5 checksum: 7511850 184e9e37e760f4bb3779385d134975db
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb
> Size/MD5 checksum: 47708 a76913df77b9f358f88a66875dc13a46
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb
> Size/MD5 checksum: 26164462 386da660c381925416238a51b0a847a4
>
> s390 architecture (IBM S/390)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb
> Size/MD5 checksum: 47714 7fa0b60bff0e106f6328b0b026566008
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb
> Size/MD5 checksum: 26763646 544f49b13f6207c1a104dc9eef9e6dd9
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb
> Size/MD5 checksum: 7413442 b70c6184c3b82ead175debdd569ab807
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb
> Size/MD5 checksum: 7507380 f9cecc1ace4fd2455516986637490930
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb
> Size/MD5 checksum: 1951732 d5eaad746a8db92889febd0da68f1ae5
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb
> Size/MD5 checksum: 7153228 566328488d67a3843b04689d76f0253d
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb
> Size/MD5 checksum: 47714 551a6f9a790b301d63c856ecab13be75
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb
> Size/MD5 checksum: 7013384 3915c6846d5ffce6e321b7e40006cb66
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb
> Size/MD5 checksum: 1797430 b0bd228090c8923d08c9b8ee84a1edb8
> http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb
> Size/MD5 checksum: 25425084 a9934459b8cde72354ffc463b2ec140f
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFHnjjKXm3vHE4uyloRApi/AKCLKlM616TTchb0zEQ8K4cOCdgZhwCffa1J
> oQ57J3yhzeNDDwqXdxLvhxM=
> =6ogr
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

Prev by Date: Re: Why not have firewall rules by default?
Next by Date: syslogd lsitening on per default
Previous by thread: Re: [SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting
Next by thread: syslogd lsitening on per default
Index(es):
- Date
- Thread