[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060721125618.GF5167@piware.de>
Date: Fri, 21 Jul 2006 14:56:18 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-321-1] mysql-dfsg-4.1 vulnerability
===========================================================
Ubuntu Security Notice USN-321-1 July 21, 2006
mysql-dfsg-4.1 vulnerability
CVE-2006-3469
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
mysql-server-4.1 4.1.12-1ubuntu3.7
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.7.diff.gz
Size/MD5: 165177 e3f4a9d6d9803befbba2532addd92b71
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.7.dsc
Size/MD5: 1024 33020e3d005bd77d484f34abecf1c177
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.7_all.deb
Size/MD5: 36830 d60762f789e3bd2b4fd3a456d3f73930
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_amd64.deb
Size/MD5: 5831474 bced6d17845dc9588a089d49f02d55b0
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_amd64.deb
Size/MD5: 1540694 af1be52eddc78528ecd022434171906e
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_amd64.deb
Size/MD5: 898462 d45442957f383440bd191f930b443547
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_amd64.deb
Size/MD5: 18433692 e071ef9ab926bfb5140a40c26c3ed78f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_i386.deb
Size/MD5: 5348328 8fd1aadc67f3377de8d9d938fed7c165
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_i386.deb
Size/MD5: 1475476 c5258fbb58cb8cb9723a7ffa4284d0f1
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_i386.deb
Size/MD5: 866460 42d1d8b4841a60bd8579e393b18dbe3f
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_i386.deb
Size/MD5: 17336370 e535ca52af75dd467f68e26b6a9d5e27
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.7_powerpc.deb
Size/MD5: 6069400 36169591c90ee3417371a958cadc7b71
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.7_powerpc.deb
Size/MD5: 1549166 901ef463598f28da3cfac186a66558da
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.7_powerpc.deb
Size/MD5: 937712 1e8b6a06c6b3dfba1e99a7781da0a66c
http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.7_powerpc.deb
Size/MD5: 18523422 69e4c4a92cd298cfc3e60a7b907b3529
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists