[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060508131020.GA5235@piware.de>
Date: Mon, 8 May 2006 15:10:20 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-283-1] MySQL vulnerabilities
===========================================================
Ubuntu Security Notice USN-283-1 May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
mysql-server
mysql-server-4.1
The problem can be corrected by upgrading the affected package to
version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2
(mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1
for Ubuntu 5.10). In general, a standard system upgrade is sufficient
to effect the necessary changes.
Details follow:
Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz
Size/MD5: 345474 a03d04b6232f33905f239248035f3c38
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.dsc
Size/MD5: 891 f45ff763a72c15171cad1162886f35de
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz
Size/MD5: 9814467 5eec8f66ed48c6ff92e73161651a492b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.3_all.deb
Size/MD5: 32208 366666fa86a1832df41a6371ab247a13
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 2866464 bd0a5bcdee56e03cbecb27753e0f9f96
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 307028 3de11414c948eb5ba7cdd0a83eeb96f7
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 431620 d90f664ce975be92b926fd5b9d2429ab
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 3628942 9596aa1a65337b9b9dbf642c0bd9794d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 2826196 0762c6d6057e91dae14ade788b45afba
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 289722 1a4a652c075dcab324c7e4f3f6384d1f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 404788 e6dcfc067fbae77ce3421a8d8dfdf8cc
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 3537800 ca606ecc15afb3cce2c295aa1f9ab344
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 3179856 dce3423162923cfc56b1ac6b79e07e07
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 312632 8cfae324093e3ea018d539d1183133d2
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 462406 96c5db41bc684ebc7754145b52beea3e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 3839416 0268c71659e4c1cbaa07a88051a4db56
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.diff.gz
Size/MD5: 162244 fddf1e4d87d56438a65315e3df406b49
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.dsc
Size/MD5: 1024 adf2851ddc2685c8071330f3d6587ddf
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.diff.gz
Size/MD5: 98632 35543de80b68e132078805f930c22cc3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.dsc
Size/MD5: 964 a3306800e3fb87b1ba6425e1675a1c70
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
Size/MD5: 9923794 aed8f335795a359f32492159e3edfaa3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.3_all.deb
Size/MD5: 36412 1ff53ed798ff3e764776232c5b9ed8a2
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.24-10ubuntu2.2_all.deb
Size/MD5: 34874 2237d7dee140b8a1c25fd0495b71c590
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 3231484 744f672b3638271f538859fead4086e3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 307940 4dfd1900c36aecbc840e69d246e55ffc
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 5830998 ad3e828060133fb423f98ace529022d3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 1539694 9b8cd250044091a4a659ac8d3edd914a
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 897782 09e8a26e30ced2274986b76483952d18
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 439708 8d3c1f429dd4df1fca98dbfc7826641b
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 18429678 c2584ea7c9ab83720f9dcdc9b425f080
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 3922172 8e6e94953f530e0e95f0e4cd7c64e5d9
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 2868602 bfb0d0580d0a1434e5d6168a9964afe1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 291768 c1d98662f9ee65b7e03a42ba37b71ed8
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 5347206 e3d8e9e5f4fd1f5a8966d9535233d01c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 1474730 25ee2f76ad4a8ee8a71c93c21be8e75c
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 865934 82a45bd5ea12d4b2b80341ac8a99e5a7
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 413660 44384cf27d24c0b402182d61dbf954ca
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 17335996 0f182836baf752da5614df0e07b59fdf
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 3555698 8ba9724a80d6dba7a9a9ba88567a597f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 3090218 f9affc50377eb158f6ebb17e8461b293
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 305738 5d2b428dc00828d93bda45278b953c69
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 6067794 3a9b7587c906545ba6f27f275c6ab1c4
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 1547882 bc20a7b7659aba5ce22dc6a2cf0a6a6f
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 937142 b3aae00524eb4fbdbfda3d16cfdb647c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 453620 043b3b5ed7e7cee2f620aa1a3160ba5f
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 18521840 59456b5875845e245d6698ce4020012f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 3664314 e3405e9c5f9202255e7e7d2c1b340815
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists