[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041125121520.GA14960@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-32-1] mysql vulnerabilities
===========================================================
Ubuntu Security Notice USN-32-1 November 25, 2004
mysql-dfsg vulnerabilities
CAN-2004-0836, CAN-2004-0837, CAN-2004-0956, CAN-2004-0957
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Several vulnerabilities have been discovered in the MySQL database
server.
Lukasz Wojtow discovered a potential buffer overflow in the function
mysql_real_connect(). A malicious name server could send specially
crafted DNS packages which might result in execution of arbitrary code
with the database server's privileges. However, it is believed that
this bug cannot be exploited with the C Standard library (glibc) that
Ubuntu uses. (CAN-2004-0836).
Dean Ellis noticed a flaw that allows an authorized MySQL user to
cause a denial of service (crash or hang) via concurrent execution of
certain statements (ALTER TABLE ... UNION=, FLUSH TABLES) on tables of
type MERGE (CAN-2004-0837)
Some query strings containing a double quote (like MATCH ... AGAINST
(' some " query' IN BOOLEAN MODE) ) that did not have a matching
closing double quote caused a denial of service (server crash). Again,
this is only exploitable by authorized mysql users. (CAN-2004-0956)
If a user was granted privileges to a database with a name containing
an underscore ("_"), the user also gained the ability to grant
privileges to other databases with similar names. (CAN-2004-0957)
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.diff.gz
Size/MD5: 165384 7f507b594e9d5d9cd0a7adb2eca5d0c4
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.dsc
Size/MD5: 892 3afca4b6ec963ad9c239deb7df0c556d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.1_all.deb
Size/MD5: 24012 44750442562ef128334a4ad1bcfef15c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_amd64.deb
Size/MD5: 2809794 a257ea0675c52c60b5d1ef3d5dfadebc
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_amd64.deb
Size/MD5: 304040 759952b1db7359f3f3b54d3d3bbc11ff
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_amd64.deb
Size/MD5: 422102 d95d773d2479c3878a56248cdf2428de
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_amd64.deb
Size/MD5: 3576654 4641b0ff8d06e82e21648352f01282d2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_i386.deb
Size/MD5: 2773050 4717ed4d1405d70c6ede0056ee40e490
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_i386.deb
Size/MD5: 287018 5b18d12015bb46bf0c89e5bcc323b0a5
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_i386.deb
Size/MD5: 396026 097eff3da7fc711a52473f62535c5d04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_i386.deb
Size/MD5: 3485608 0886647a564f4136efc4f72f694d22c3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_powerpc.deb
Size/MD5: 3109072 b510d1c4a3a33da55cb3b97a612b2e19
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_powerpc.deb
Size/MD5: 307718 55738df34a3f30e34d702d8b804bb57a
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_powerpc.deb
Size/MD5: 451512 7dcb7e811ff6a0a8a0528bbb49229ac1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_powerpc.deb
Size/MD5: 3769072 f7274343ac2163a0ff377c9cad1ec07e
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041125/f27131d7/attachment.bin
Powered by blists - more mailing lists