Message-ID: <20050912093542.GB21098@piware.de>
Date: Mon, 12 Sep 2005 11:35:42 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-180-1] MySQL vulnerability

===========================================================
Ubuntu Security Notice USN-180-1	 September 12, 2005
mysql-dfsg vulnerability
CAN-2005-2558
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.6 (for Ubuntu 4.10), or 4.0.23-3ubuntu2.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE
FUNCTION" statement. By specifying a specially crafted long function
name, a local or remote attacker with function creation privileges
could crash the server or execute arbitrary code with server
privileges.

However, the right to create functions is usually not granted to
untrusted users.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

