Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-63-1: MySQL client vulnerability
Posted by Philipp Esselbach on: 01/19/2005 02:05 AM [ Print | 0 comment(s) ]
A MySQL security update is available for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-63-1 January 18, 2005
mysql-dfsg vulnerability
CAN-2005-0004
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-client
The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
===========================================================
Ubuntu Security Notice USN-63-1 January 18, 2005
mysql-dfsg vulnerability
CAN-2005-0004
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-client
The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Javier Fernandez-Sanguino Pea noticed that the "mysqlaccess" program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.2.diff.gz
Size/MD5: 166762 9539079855c393735822c2a81066fc4f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.2.dsc
Size/MD5: 892 ffefecd7367ae204441e9c578ef99c80
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4
.0.20-2ubuntu1.2_all.deb
Size/MD5: 24118 f4dc709c79ba5d369897ff900c902d71
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 2809872 a55c0f636b25edd5d13c0d803338488d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 304142 b86111022aa1c15af7f7f3036f5433be
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 422204 f9bc9eb8cd9ac67e52eaa524e57bac99
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 3576784 d53773fbd06bb053f0a46e529aa38eee
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_i386.deb
Size/MD5: 2773210 a6852a3f424271259b39bb03bb461b04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_i386.deb
Size/MD5: 287134 a21f225c8fa3330a43927745011c205f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_i386.deb
Size/MD5: 396138 0c2b5af3861525c81f2ff1ff220ecec9
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_i386.deb
Size/MD5: 3485736 1604893d7116f1a157bd21ba1691cf10
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 3109196 55cfe8be306fcf4b52b28dcd71b5f248
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 307810 214c3513201913fe536530c9635a260e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 451622 990dc682f047b6f90ada50cbaa68bd99
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 3769240 007381b48ea3e942fd46d91321422673
Javier Fernandez-Sanguino Pea noticed that the "mysqlaccess" program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.2.diff.gz
Size/MD5: 166762 9539079855c393735822c2a81066fc4f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.2.dsc
Size/MD5: 892 ffefecd7367ae204441e9c578ef99c80
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4
.0.20-2ubuntu1.2_all.deb
Size/MD5: 24118 f4dc709c79ba5d369897ff900c902d71
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 2809872 a55c0f636b25edd5d13c0d803338488d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 304142 b86111022aa1c15af7f7f3036f5433be
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 422204 f9bc9eb8cd9ac67e52eaa524e57bac99
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_amd64.deb
Size/MD5: 3576784 d53773fbd06bb053f0a46e529aa38eee
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_i386.deb
Size/MD5: 2773210 a6852a3f424271259b39bb03bb461b04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_i386.deb
Size/MD5: 287134 a21f225c8fa3330a43927745011c205f
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_i386.deb
Size/MD5: 396138 0c2b5af3861525c81f2ff1ff220ecec9
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_i386.deb
Size/MD5: 3485736 1604893d7116f1a157bd21ba1691cf10
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 3109196 55cfe8be306fcf4b52b28dcd71b5f248
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 307810 214c3513201913fe536530c9635a260e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 451622 990dc682f047b6f90ada50cbaa68bd99
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.2_powerpc.deb
Size/MD5: 3769240 007381b48ea3e942fd46d91321422673
