[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1226954526.8216.5.camel@mdlinux.technorage.com>
Date: Mon, 17 Nov 2008 15:42:06 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-671-1] MySQL vulnerabilities
===========================================================
Ubuntu Security Notice USN-671-1 November 17, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.11
Ubuntu 7.10:
mysql-server-5.0 5.0.45-1ubuntu3.4
Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.51a-3ubuntu5.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the
DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege
checks. This update alters table creation behaviour by disallowing the
use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)
It was discovered that MySQL did not handle empty bit-string literals
properly. An attacker could exploit this problem and cause the MySQL
server to crash, leading to a denial of service. (CVE-2008-3963)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.11.diff.gz
Size/MD5: 166038 5bb9d1f41b8a34e3f935d87cf8ea553c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.11.dsc
Size/MD5: 1124 dfb2b087d32df29aa9697dd004c488c4
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
Size/MD5: 18446645 2b8f36364373461190126817ec872031
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.11_all.deb
Size/MD5: 38944 2f54e68e4fa140998c0cb78a70fc119e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.11_all.deb
Size/MD5: 41488 ef268bffd224ccf90dd590820de702a7
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.11_all.deb
Size/MD5: 38948 6bd7b45911f2bacec67d578ee812f110
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.11_amd64.deb
Size/MD5: 6729886 af2c395368182937c76d5f165d478df3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.11_amd64.deb
Size/MD5: 1423924 58ca08b4eef39c0e2d34aaa2cddf42cb
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.11_amd64.deb
Size/MD5: 6897622 fc9e0c76dbde4321de287a102c002db2
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.11_amd64.deb
Size/MD5: 22493516 ec7f8f5c669bb7f1ca0b7d54bd63ca7d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.11_i386.deb
Size/MD5: 6142732 d411a303d293fd8559f042ce230615d1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.11_i386.deb
Size/MD5: 1384350 1dcfa047e463b45f45942ac0bea623b1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.11_i386.deb
Size/MD5: 6280092 9a555aa506be5086d952af12afbf5b3d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.11_i386.deb
Size/MD5: 21352916 0285f357ed2a35ecbd81b7f13fcbe0dd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.11_powerpc.deb
Size/MD5: 6886660 c3f1cef7637a94b3c4ba3d3cc74a4a36
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.11_powerpc.deb
Size/MD5: 1464208 1ab2aa38f4e27b74e3d3e962e44977e3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.11_powerpc.deb
Size/MD5: 6944814 311ed284fb1456d3e20fc49b53ae1020
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.11_powerpc.deb
Size/MD5: 22708138 87480f1d414b63dd32f9bc017786573e
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.11_sparc.deb
Size/MD5: 6435552 66ae0f7ef9fef58a118965e54af6d751
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.11_sparc.deb
Size/MD5: 1436346 e2c0b9566472e770eb2d58be24de248c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.11_sparc.deb
Size/MD5: 6542200 09a89f54af6584167a1cae9cffbc735f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.11_sparc.deb
Size/MD5: 21974286 cab9ee96e01b4df8243bf74767819088
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1ubuntu3.4.diff.gz
Size/MD5: 243362 6b79d30861b757447d41706e3731e395
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1ubuntu3.4.dsc
Size/MD5: 1302 9a87569e45aded8c98c43d53c12d30de
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45.orig.tar.gz
Size/MD5: 17801680 ab450aa2e9b89f3b4e01fd12375b1bee
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.45-1ubuntu3.4_all.deb
Size/MD5: 48538 8338809ac72972866d2363a6ce681c15
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.45-1ubuntu3.4_all.deb
Size/MD5: 56744 71342b47c409b2b4e4ead8c8cef4e7f8
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.45-1ubuntu3.4_all.deb
Size/MD5: 50738 2e37d678979ce0a893092d1ff949d4e1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.4_amd64.deb
Size/MD5: 7564626 120e18e6fc2d3208b0531cac5d8209a0
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.4_amd64.deb
Size/MD5: 1917186 838695d874b436643792bec417299410
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.4_amd64.deb
Size/MD5: 7999284 e73b18453d17f783e5e4c4653e7ff893
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.4_amd64.deb
Size/MD5: 27571570 6f0e6edd92ab9f107149952c4fc5e14d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.4_i386.deb
Size/MD5: 7043450 a33ba64ed57deb1bef09ddae94abe8c0
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.4_i386.deb
Size/MD5: 1867614 f16cc5ff9ffdf951f47da895a4f40f93
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.4_i386.deb
Size/MD5: 7497426 43ab893a69ae8bf09d8795281509d50d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.4_i386.deb
Size/MD5: 26786564 33eceaf638a2d9042d32b41b2498394a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.4_lpia.deb
Size/MD5: 7023394 ce3cbd8d1d3636158e26aac448f17e6e
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.4_lpia.deb
Size/MD5: 1843862 33187655eeaf528d82620681bab73a9b
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.4_lpia.deb
Size/MD5: 7518330 457f957ebbf1cc88d7bd433354b99d8b
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.4_lpia.deb
Size/MD5: 26760376 b52d4eea4a46f8eab45d1b991dd6bfae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.4_powerpc.deb
Size/MD5: 7762838 9ba0474b47f276590162a3c85c0d382f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.4_powerpc.deb
Size/MD5: 1949498 2fe6fd7147097a2dbe1768b12a505fc9
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.4_powerpc.deb
Size/MD5: 8066000 0a14243fe3631806abb5de27bd3e03dc
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.4_powerpc.deb
Size/MD5: 28023398 138612db5e9249bb2c54f4d71a0914d3
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.4_sparc.deb
Size/MD5: 7173132 2b4016c87626737b6a970ed169c80a24
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.4_sparc.deb
Size/MD5: 1877642 14963beda22c01f734c403822d561ef8
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.4_sparc.deb
Size/MD5: 7583722 c1a60b545f38172c683d76ea953f41f6
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.4_sparc.deb
Size/MD5: 27140728 b79d11ad9b4cf9b20a92ca1bfccf6eeb
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-3ubuntu5.4.diff.gz
Size/MD5: 314416 a98a2519ef59bc5b0cef4940c4961f35
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-3ubuntu5.4.dsc
Size/MD5: 1430 57f5a32ccf3d46aefcb56407fc238007
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
Size/MD5: 17946664 6fae978908ad5eb790fa3f24f16dadba
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-3ubuntu5.4_all.deb
Size/MD5: 52052 8200893fa342e477a2af354d141015e7
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-3ubuntu5.4_all.deb
Size/MD5: 60302 8e8d4aa0af490eeadde3d1684c669de1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-3ubuntu5.4_all.deb
Size/MD5: 54240 34a21b40b4e18dd8dbfbf5ca30fd8e53
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.4_amd64.deb
Size/MD5: 7594702 71f4511bd9ce2275d080bf4f27e8f4dd
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.4_amd64.deb
Size/MD5: 1877812 afa3900abcb025df70ccc444444a006a
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.4_amd64.deb
Size/MD5: 8241010 cdb59824c82d8412a4f324f38f9c1260
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.4_amd64.deb
Size/MD5: 28018274 b106f4f668381cd55a5da7d40be9e7ce
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.4_i386.deb
Size/MD5: 7216262 f252c8299c00e805022a99374561eeba
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.4_i386.deb
Size/MD5: 1836766 247b3c027653b3f6cd9b89320ba7572e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.4_i386.deb
Size/MD5: 7826312 f948d312520c64c0d73982e162201f09
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.4_i386.deb
Size/MD5: 27427752 090b315903161e7f72d0b7e2be804ee1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.4_lpia.deb
Size/MD5: 7160694 d0bd82cf31dae1cec8ca04241baba49d
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.4_lpia.deb
Size/MD5: 1826820 3bb18a419dceccfb58aa5d3cd99bf31a
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.4_lpia.deb
Size/MD5: 7840058 80f24b9ce82a2f93f4ed8ce635114e7a
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.4_lpia.deb
Size/MD5: 27357990 65e92cb0e552509a820410351456fa97
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.4_powerpc.deb
Size/MD5: 7587468 045eee93159914db564084d88a3d5304
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.4_powerpc.deb
Size/MD5: 1915302 eef9aedee7b37cb81a9a980d42049406
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.4_powerpc.deb
Size/MD5: 8241574 7f57a684310fe601446729a3e539b49f
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.4_powerpc.deb
Size/MD5: 28344344 d3be9955a55a22ced19fe9d25b129bd6
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-3ubuntu5.4_sparc.deb
Size/MD5: 7199786 d2c692836274f21677499177121e046b
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-3ubuntu5.4_sparc.deb
Size/MD5: 1846000 b0456b96173850dfa4eb597c4d42f4ac
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-3ubuntu5.4_sparc.deb
Size/MD5: 7830916 cd55ac1ad14ce9713de2e8c9397c1018
http://ports.ubuntu.com/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-3ubuntu5.4_sparc.deb
Size/MD5: 27642386 8cf989c15071150c10abc1175c048022
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists