USN-32-1: mysql vulnerabilities
Posted on: 11/25/2004 09:02 AM

Updated MySQL packages are available for Ubuntu Linux 4.10

Ubuntu Security Notice USN-32-1 November 25, 2004
mysql-dfsg vulnerabilities
CAN-2004-0836, CAN-2004-0837, CAN-2004-0956, CAN-2004-0957

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Several vulnerabilities have been discovered in the MySQL database server.

Lukasz Wojtow discovered a potential buffer overflow in the function mysql_real_connect(). A malicious name server could send specially crafted DNS packages which might result in execution of arbitrary code with the database server's privileges. However, it is believed that this bug cannot be exploited with the C Standard library (glibc) that Ubuntu uses. (CAN-2004-0836).

Dean Ellis noticed a flaw that allows an authorized MySQL user to cause a denial of service (crash or hang) via concurrent execution of certain statements (ALTER TABLE ... UNION=, FLUSH TABLES) on tables of type MERGE (CAN-2004-0837)

Some query strings containing a double quote (like MATCH ... AGAINST (' some " query' IN BOOLEAN MODE) ) that did not have a matching closing double quote caused a denial of service (server crash). Again, this is only exploitable by authorized mysql users. (CAN-2004-0956)

If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)

Source archives:
Size/MD5: 165384 7f507b594e9d5d9cd0a7adb2eca5d0c4
Size/MD5: 892 3afca4b6ec963ad9c239deb7df0c556d
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b

Architecture independent packages:
Size/MD5: 24012 44750442562ef128334a4ad1bcfef15c

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 2809794 a257ea0675c52c60b5d1ef3d5dfadebc
Size/MD5: 304040 759952b1db7359f3f3b54d3d3bbc11ff
Size/MD5: 422102 d95d773d2479c3878a56248cdf2428de
Size/MD5: 3576654 4641b0ff8d06e82e21648352f01282d2

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 2773050 4717ed4d1405d70c6ede0056ee40e490
Size/MD5: 287018 5b18d12015bb46bf0c89e5bcc323b0a5
Size/MD5: 396026 097eff3da7fc711a52473f62535c5d04
Size/MD5: 3485608 0886647a564f4136efc4f72f694d22c3

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 3109072 b510d1c4a3a33da55cb3b97a612b2e19
Size/MD5: 307718 55738df34a3f30e34d702d8b804bb57a
Size/MD5: 451512 7dcb7e811ff6a0a8a0528bbb49229ac1
Size/MD5: 3769072 f7274343ac2163a0ff377c9cad1ec07e

Printed from Linux Compatible (