lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060508131020.GA5235@piware.de>
Date: Mon, 8 May 2006 15:10:20 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-283-1] MySQL vulnerabilities

===========================================================
Ubuntu Security Notice USN-283-1	       May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mysql-server
mysql-server-4.1

The problem can be corrected by upgrading the affected package to
version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2
(mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1
for Ubuntu 5.10).  In general, a standard system upgrade is sufficient
to effect the necessary changes.

Details follow:

Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz
      Size/MD5:   345474 a03d04b6232f33905f239248035f3c38
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.dsc
      Size/MD5:      891 f45ff763a72c15171cad1162886f35de
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz
      Size/MD5:  9814467 5eec8f66ed48c6ff92e73161651a492b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.3_all.deb
      Size/MD5:    32208 366666fa86a1832df41a6371ab247a13

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:  2866464 bd0a5bcdee56e03cbecb27753e0f9f96
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:   307028 3de11414c948eb5ba7cdd0a83eeb96f7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:   431620 d90f664ce975be92b926fd5b9d2429ab
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:  3628942 9596aa1a65337b9b9dbf642c0bd9794d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:  2826196 0762c6d6057e91dae14ade788b45afba
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:   289722 1a4a652c075dcab324c7e4f3f6384d1f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:   404788 e6dcfc067fbae77ce3421a8d8dfdf8cc
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:  3537800 ca606ecc15afb3cce2c295aa1f9ab344

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:  3179856 dce3423162923cfc56b1ac6b79e07e07
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:   312632 8cfae324093e3ea018d539d1183133d2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:   462406 96c5db41bc684ebc7754145b52beea3e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:  3839416 0268c71659e4c1cbaa07a88051a4db56


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.diff.gz
      Size/MD5:   162244 fddf1e4d87d56438a65315e3df406b49
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.dsc
      Size/MD5:     1024 adf2851ddc2685c8071330f3d6587ddf
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.diff.gz
      Size/MD5:    98632 35543de80b68e132078805f930c22cc3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.dsc
      Size/MD5:      964 a3306800e3fb87b1ba6425e1675a1c70
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
      Size/MD5:  9923794 aed8f335795a359f32492159e3edfaa3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.3_all.deb
      Size/MD5:    36412 1ff53ed798ff3e764776232c5b9ed8a2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.24-10ubuntu2.2_all.deb
      Size/MD5:    34874 2237d7dee140b8a1c25fd0495b71c590

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:  3231484 744f672b3638271f538859fead4086e3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:   307940 4dfd1900c36aecbc840e69d246e55ffc
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:  5830998 ad3e828060133fb423f98ace529022d3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:  1539694 9b8cd250044091a4a659ac8d3edd914a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:   897782 09e8a26e30ced2274986b76483952d18
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:   439708 8d3c1f429dd4df1fca98dbfc7826641b
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5: 18429678 c2584ea7c9ab83720f9dcdc9b425f080
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:  3922172 8e6e94953f530e0e95f0e4cd7c64e5d9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:  2868602 bfb0d0580d0a1434e5d6168a9964afe1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:   291768 c1d98662f9ee65b7e03a42ba37b71ed8
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:  5347206 e3d8e9e5f4fd1f5a8966d9535233d01c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:  1474730 25ee2f76ad4a8ee8a71c93c21be8e75c
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:   865934 82a45bd5ea12d4b2b80341ac8a99e5a7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:   413660 44384cf27d24c0b402182d61dbf954ca
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5: 17335996 0f182836baf752da5614df0e07b59fdf
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:  3555698 8ba9724a80d6dba7a9a9ba88567a597f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:  3090218 f9affc50377eb158f6ebb17e8461b293
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:   305738 5d2b428dc00828d93bda45278b953c69
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:  6067794 3a9b7587c906545ba6f27f275c6ab1c4
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:  1547882 bc20a7b7659aba5ce22dc6a2cf0a6a6f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:   937142 b3aae00524eb4fbdbfda3d16cfdb647c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:   453620 043b3b5ed7e7cee2f620aa1a3160ba5f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5: 18521840 59456b5875845e245d6698ce4020012f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:  3664314 e3405e9c5f9202255e7e7d2c1b340815

Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ