USN-180-1: MySQL vulnerability
Posted on: 09/12/2005 06:32 AM

A new MySQL vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-180-1 September 12, 2005
mysql-dfsg vulnerability
CAN-2005-2558
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.6 (for Ubuntu 4.10), or 4.0.23-3ubuntu2.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE
FUNCTION" statement. By specifying a specially crafted long function
name, a local or remote attacker with function creation privileges
could crash the server or execute arbitrary code with server
privileges.

However, the right to create functions is usually not granted to
untrusted users.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.6.diff.gz
Size/MD5: 176229 d6bc8b2b2b230e78ec9687da9efcbf51
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.6.dsc
Size/MD5: 892 e8a6c1da7ee9c9a4f0d0230668194d92
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.6_all.deb
Size/MD5: 24954 e37ec0b833581cbb3a61adabaaded1e6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.6_amd64.deb
Size/MD5: 2810910 37e3be47166916cbee74710ec7941ff1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.6_amd64.deb
Size/MD5: 305050 6eca63fba27f260519148a983c4f5f63
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.6_amd64.deb
Size/MD5: 423074 3448add9571e27d59ce0d606030bd4c8
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.6_amd64.deb
Size/MD5: 3577998 b8f2959dc35ab200830ae3b5a4c21784

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.6_i386.deb
Size/MD5: 2774308 10791fbe23039feaca5b8da4305a0331
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.6_i386.deb
Size/MD5: 287958 f902c18ef2ee28d48b8cd63d69d522c1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.6_i386.deb
Size/MD5: 397058 eaf9ed1dfd775ba54bc48c69d9bded4f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.6_i386.deb
Size/MD5: 3487096 f58367c64af08240f7f2915f9c14ee03

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.6_powerpc.deb
Size/MD5: 3110364 460bc8875819e44f85f2da23ad9d96ee
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.6_powerpc.deb
Size/MD5: 308678 fc6f6a70b2d3f5e58936e8d47d46ead3
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.6_powerpc.deb
Size/MD5: 452452 f2b5ac7242ab5fe61f83af19a429ca01
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.6_powerpc.deb
Size/MD5: 3770658 44000810678e5b2d65394c79bbe85d1b

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.1.diff.gz
Size/MD5: 343131 734dbd10607e6b7c97bf6f7cb28d8473
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.1.dsc
Size/MD5: 891 2fe7a16171615d70802177d7894ab690
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz
Size/MD5: 9814467 5eec8f66ed48c6ff92e73161651a492b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.1_all.deb
Size/MD5: 31820 2870e1063ad371be5f4449481e2a7588

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.1_amd64.deb
Size/MD5: 2865804 f12ae406ed4bee3a88f103a56d075991
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.1_amd64.deb
Size/MD5: 306634 db41d303bb8144d09597d9be905ff38b
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.1_amd64.deb
Size/MD5: 431240 39cc82842d9b7bb67ae9bde729fdda87
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.1_amd64.deb
Size/MD5: 3628528 fe6256a00bb730774502869f5fd54ee5

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.1_i386.deb
Size/MD5: 2825576 ddd4a5456bf07946f5799fda59edc08b
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.1_i386.deb
Size/MD5: 289312 f8430b12efc6ddd1ab06472efa4d1298
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.1_i386.deb
Size/MD5: 404398 0ce9fbe31c10a165ce21c35ff02ec796
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.1_i386.deb
Size/MD5: 3537534 9579ab2fec18babd77eb1a08679ba7d1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.1_powerpc.deb
Size/MD5: 3179176 91554ba66b4f098bb2bfd4f12920d56d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.1_powerpc.deb
Size/MD5: 312222 c286c5563c54fe683b3feb0497e84370
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.1_powerpc.deb
Size/MD5: 461978 d9710de33c7a9adc2cdd93607f72a180
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.1_powerpc.deb
Size/MD5: 3839218 33e94b0a7468a80ba1ab96f83515d61a
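
A manually downloaded package can be checked against the Size/MD5 lines above before it is installed. The Python below is an added example, not part of the Ubuntu notice; the mirror host, file names and listing values are constructed, and MD5 here only detects a corrupted or truncated download.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample in the notice's listing format (not values from the advisory).
PAYLOAD = b"constructed package bytes\n"
SAMPLE_LISTING = (
    "http://mirror.example/pool/demo-server_1.0_all.deb\n"
    f"Size/MD5: {len(PAYLOAD)} {hashlib.md5(PAYLOAD).hexdigest()}\n"
    "http://mirror.example/pool/demo-client_1.0_all.deb\n"
    "Size/MD5: 12 00000000000000000000000000000000\n"
)

# One entry = a URL line followed by a "Size/MD5: <bytes> <hex digest>" line.
ENTRY = re.compile(
    r"^https?://\S+/(?P<name>[^/\s]+)[ \t]*\n"
    r"[ \t]*Size/MD5:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-fA-F]{32})[ \t]*$",
    re.M,
)

def parse_listing(text):
    """Map file name -> (size, lowercase md5) for every entry in the listing."""
    return {m["name"]: (int(m["size"]), m["md5"].lower()) for m in ENTRY.finditer(text)}

def verify_file(path, expected):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch' for one file."""
    entry = expected.get(os.path.basename(path))
    if entry is None:
        return "unlisted"           # never trust a file the notice does not list
    size, md5 = entry
    if os.path.getsize(path) != size:
        return "size-mismatch"      # cheap check first: truncated or padded file
    digest = hashlib.md5()
    with open(path, "rb") as fh:    # hash in chunks so large .deb files fit in memory
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

def demo():
    """Write three constructed files and verify each against SAMPLE_LISTING."""
    expected = parse_listing(SAMPLE_LISTING)
    files = {"demo-server_1.0_all.deb": PAYLOAD,
             "demo-client_1.0_all.deb": b"twelve bytes",  # right size, wrong digest
             "other.deb": b"x"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_file(path, expected)
    return results
```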


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_180_1_mysql_vulnerability.html)