[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060616151259.GF5145@piware.de>
Date: Fri, 16 Jun 2006 17:12:59 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-303-1] MySQL vulnerability
===========================================================
Ubuntu Security Notice USN-303-1 June 16, 2006
mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability
CVE-2006-2753
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libmysqlclient14 4.1.12-1ubuntu3.5
mysql-server-4.1 4.1.12-1ubuntu3.5
Ubuntu 6.06 LTS:
libmysqlclient15off 5.0.22-0ubuntu6.06
mysql-server-5.0 5.0.22-0ubuntu6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
An SQL injection vulnerability has been discovered when using less
popular multibyte encodings (such as SJIS, or BIG5) which contain
valid multibyte characters that end with the byte 0x5c (the
representation of the backslash character >>\<< in ASCII).
Many client libraries and applications use the non-standard, but
popular way of escaping the >>'<< character by replacing all
occurences of it with >>\'<<. If a client application uses one of the
affected encodings and does not interpret multibyte characters, and an
attacker supplies a specially crafted byte sequence as an input string
parameter, this escaping method would then produce a validly-encoded
character and an excess >>'<< character which would end the string.
All subsequent characters would then be interpreted as SQL code, so
the attacker could execute arbitrary SQL commands.
The updated packages fix the mysql_real_escape_string() function to
escape quote characters in a safe way. If you use third-party software
which uses an ad-hoc method of string escaping, you should convert
them to use mysql_real_escape_string() instead, or at least use the
standard SQL method of escaping >>'<< with >>''<<.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.diff.gz
Size/MD5: 164408 5397489739ab8a6fa1e2d7571ae16ca2
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.dsc
Size/MD5: 1024 22dc09e63f2b4127c80c059bd6153c04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.5_all.deb
Size/MD5: 36658 8445340ee40a549040a29f7f89fa6055
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_amd64.deb
Size/MD5: 5831402 04b5f068cace48115f03eaa2945ba4f7
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_amd64.deb
Size/MD5: 1540532 52379ea5384399887a5044e2dc70a362
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_amd64.deb
Size/MD5: 898266 102c1f4e3a52f002c0072639a38fd1f1
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_amd64.deb
Size/MD5: 18433534 0b59eb84f010a37866855db11bc212d4
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_i386.deb
Size/MD5: 5347970 10e3a08014562d78a92c78f9473606ad
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_i386.deb
Size/MD5: 1475306 fe18f1652d49ce4f1f01f1fb41293ee0
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_i386.deb
Size/MD5: 866276 c4620364312b32767f4b8c93ca85ea6a
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_i386.deb
Size/MD5: 17336092 c0a7e15a536c68f101d711faca79acd0
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_powerpc.deb
Size/MD5: 6069036 84fe04fd9e556e03a5f8017b0287056e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_powerpc.deb
Size/MD5: 1548894 042a41167cffb3aa116ceca7b144c04a
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_powerpc.deb
Size/MD5: 937510 b42029e8720887a9414a1e5affdfa2bf
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_powerpc.deb
Size/MD5: 18523172 687d56f3e0ea63af4bc5d972849e7019
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_sparc.deb
Size/MD5: 5657096 78aec682713ebb64ff7f56f5ec30a390
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_sparc.deb
Size/MD5: 1516244 461600c34dd324e019dd5f253864dcb6
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_sparc.deb
Size/MD5: 889180 b06d0b10dec55bf34f6af5f93be4bfb1
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_sparc.deb
Size/MD5: 17738656 2f56d26f632002847a5aa20d13ac3d69
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.diff.gz
Size/MD5: 124884 30192e23eff142a7d8cd474eb3b65c06
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.dsc
Size/MD5: 1105 e09e1c03b0e55a97aa2f5b393132596c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
Size/MD5: 18446645 2b8f36364373461190126817ec872031
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06_all.deb
Size/MD5: 36488 bf16f763f6c019d74cd5a55a34954d08
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06_all.deb
Size/MD5: 38988 4b48c8fe34e49ea7690dd847e0210c6e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06_all.deb
Size/MD5: 36492 51ec1d6030a085747746855f42a247fa
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_amd64.deb
Size/MD5: 6724410 3fd45ed8e0dde1ec45da36087fc9b466
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_amd64.deb
Size/MD5: 1421368 dd0a24e7f521cae816caaff9dd7b95c1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_amd64.deb
Size/MD5: 6895040 e05408c12fbdeb93ac9af0168a833945
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_amd64.deb
Size/MD5: 22490622 353f002eb8bf7adcfb6ac0a2aba200e7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_i386.deb
Size/MD5: 6138262 b8de5bb648d0a6787dc2a75e082fd338
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_i386.deb
Size/MD5: 1382000 458f53b535bf7c4240415b7f112398c2
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_i386.deb
Size/MD5: 6277278 03772cb73d84fbd786024bed75634f17
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_i386.deb
Size/MD5: 21345370 944c51038761b5d180e4a5b9405dd8cd
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_powerpc.deb
Size/MD5: 6881628 539aaeb27db75c415f86a08a60922bb6
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_powerpc.deb
Size/MD5: 1461696 da724231e301fc18b0068d2b74aba6da
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_powerpc.deb
Size/MD5: 6938652 78e94ffbb2e24ca9f0794c412b369009
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_powerpc.deb
Size/MD5: 22703752 25b58fa42fb62e132fbbc29e99e91176
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_sparc.deb
Size/MD5: 6429614 ae9e41ae750ad73206d9561d59504c5d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_sparc.deb
Size/MD5: 1433786 9e9108f42e43fbdd66fbdaa02d7990ce
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_sparc.deb
Size/MD5: 6535966 e909ab275b4ab5fbbc69d2f372532cf3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_sparc.deb
Size/MD5: 21968038 43996ac14852a036d1ed8c4712f94804
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists