it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
[IT-SecurityNotifies] [SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
Chronologisch Thread
- From: Giuseppe Iuculano <iuculano AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecurityNotifies] [SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
- Date: Mon, 7 Jun 2010 15:23:07 +0200
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- Old-return-path: <iuculano AT debian.org>
- Priority: urgent
- Resent-date: Mon, 7 Jun 2010 13:23:23 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <vV_kwPebQLL.A.hjH.LLPDMB@liszt>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2057-1 security AT debian.org
http://www.debian.org/security/ Giuseppe Iuculano
June 07, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850
Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2010-1626
MySQL allows local users to delete the data and index files of another
user's MyISAM table via a symlink attack in conjunction with the DROP
TABLE command.
CVE-2010-1848
MySQL failed to check the table name argument of a COM_FIELD_LIST
command packet for validity and compliance to acceptable table name
standards. This allows an authenticated user with SELECT privileges on
one table to obtain the field definitions of any table in all other
databases and potentially of other MySQL instances accessible from the
server's file system.
CVE-2010-1849
MySQL could be tricked to read packets indefinitely if it received a
packet larger than the maximum size of one packet.
This results in high CPU usage and thus denial of service conditions.
CVE-2010-1850
MySQL was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of a
COM_FIELD_LIST command packet. By sending long data for the table
name, a buffer is overflown, which could be exploited by an
authenticated user to inject malicious code.
For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny4
The testing (squeeze) and unstable (sid) distribution do not contain
mysql-dfsg-5.0 anymore.
We recommend that you upgrade your mysql-dfsg-5.0 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
Size/MD5 checksum: 382688 98904282d9b1ba07a5fa441695c9cefd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
Size/MD5 checksum: 1746 213d7a9655000a669a9262b68a645b84
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
Size/MD5 checksum: 17946664 6fae978908ad5eb790fa3f24f16dadba
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny4_all.deb
Size/MD5 checksum: 53012 7b2c03b1e86bb4634bb65b7fd65a8ce0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny4_all.deb
Size/MD5 checksum: 55208 0059173c20f96569e532f34e8d8e6d3d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny4_all.deb
Size/MD5 checksum: 61784 165889f524b9cd317462910f34871652
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_alpha.deb
Size/MD5 checksum: 9069806 dbf1efe0f87962a0ce24c3c2026f08fe
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_alpha.deb
Size/MD5 checksum: 8921072 4109cdb9b571b8384e22990f049077e5
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_alpha.deb
Size/MD5 checksum: 28367370 1f7b2cbe390dc19230b83aac2b427a1c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_alpha.deb
Size/MD5 checksum: 2017406 121ad24e4ef9408540b34f4c954ea03a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_amd64.deb
Size/MD5 checksum: 7586258 dbffd3dcb28daa3070b68f0ee268d6b3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_amd64.deb
Size/MD5 checksum: 27296900 030ee9c14fbb373617e77158fb56c40f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_amd64.deb
Size/MD5 checksum: 8207020 233dde7fe1c8d16757862037b7f8c551
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_amd64.deb
Size/MD5 checksum: 1905200 8296b7de029b8208828981d151ad7013
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_arm.deb
Size/MD5 checksum: 26227842 f2e1a010442bd1b007aa1b12192e507c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_arm.deb
Size/MD5 checksum: 7158596 b06eb5f03ef7cbc2bdbda36d5f286411
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_arm.deb
Size/MD5 checksum: 7614948 a3e30a83a7a314001445b0dd39415516
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_arm.deb
Size/MD5 checksum: 1779078 69f97725b1aa16018a8b59e3f3723568
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_armel.deb
Size/MD5 checksum: 7261064 5526963b33325b3d6dec386f203ef4c3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_armel.deb
Size/MD5 checksum: 26225224 7ac517f02119cb0d7f9d1dd27d863a0b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_armel.deb
Size/MD5 checksum: 7650776 41fd6ce03ecbad3ebc876a145a440bc9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_armel.deb
Size/MD5 checksum: 1782498 8c8ffcec7cfcf2deaa622bbd3bd3e890
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_hppa.deb
Size/MD5 checksum: 8435372 3685c8fbee92cc421e2636956caf726a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_hppa.deb
Size/MD5 checksum: 1958982 3951104d822d5231b6bcc726bd3f538c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_hppa.deb
Size/MD5 checksum: 27898560 9fbee7a1ac008f5229bc1b6063461d8e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_hppa.deb
Size/MD5 checksum: 8176082 91f0424391f249a6d3f86bd7adfa9bfb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
Size/MD5 checksum: 7201148 dec28c17afdfbc427b03b3dc7b16ae80
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
Size/MD5 checksum: 1860698 fa79c4525944c5fc2938838697991d2a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
Size/MD5 checksum: 7785564 59607135a3509e3bdf5aacbe0f7b9e27
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
Size/MD5 checksum: 26655616 660b2d3f55af9a0ffff5dec3ccb265b2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_ia64.deb
Size/MD5 checksum: 2186514 3643a5fd53f47e6b37a657c2b985de5d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_ia64.deb
Size/MD5 checksum: 31432404 302295754438d88e1f29543d92cabfee
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_ia64.deb
Size/MD5 checksum: 10914492 012586f98c3ef1f59105f7252abae54e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_ia64.deb
Size/MD5 checksum: 9934262 52aaca8c884acb288570c7187dc80fe6
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_mips.deb
Size/MD5 checksum: 7886638 3674f662a26dee543e841dbc1aa90001
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_mips.deb
Size/MD5 checksum: 26949468 c16b353714abef0109c31f24cd95157a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_mips.deb
Size/MD5 checksum: 1857996 19eb0e571e285ed370ff048a86c180de
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_mips.deb
Size/MD5 checksum: 7852966 ad5ceec59cd351e9643f3fe7815899e4
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_mipsel.deb
Size/MD5 checksum: 7778208 efd2025f639ba1f75601692d1f773482
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_mipsel.deb
Size/MD5 checksum: 26454824 8c5c4d499e98a454d994a9799f867235
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_mipsel.deb
Size/MD5 checksum: 1818040 983d9f0b274554af24895a9bf9da2d58
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_mipsel.deb
Size/MD5 checksum: 7724872 2afe270ee53d403ff3d1b5e1449fb6cf
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_powerpc.deb
Size/MD5 checksum: 1917272 3e0cd81b4034a0572a04f0825f63539f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_powerpc.deb
Size/MD5 checksum: 27147186 a29b658c4a423ade01f38d383d8990bb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_powerpc.deb
Size/MD5 checksum: 8155688 cf97ff51341b672a192b29fb196a33d8
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_powerpc.deb
Size/MD5 checksum: 7606414 a5ff20347ea77cba2e1f9775462b4e3b
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_s390.deb
Size/MD5 checksum: 28243518 d76d51037f58b1a4d55e2721b6b524dd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_s390.deb
Size/MD5 checksum: 7703306 7ded6daec5c06279f46e9e077f972fc2
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_s390.deb
Size/MD5 checksum: 2032080 df093a3278065afc3623d993760142b5
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_s390.deb
Size/MD5 checksum: 8238026 4121d28d8ee97640c82faf40745d64fb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_sparc.deb
Size/MD5 checksum: 26847970 562cd268e46900380d05e83d48e7f854
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_sparc.deb
Size/MD5 checksum: 7758418 446a2a74ca3c548d3fe9286c7534ca25
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_sparc.deb
Size/MD5 checksum: 1872840 2ea462a86056196ca11bf08a700f461a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_sparc.deb
Size/MD5 checksum: 7144452 8bb91966144e610e56f1480f23c6d47a
These files will probably be moved into the stable distribution on
its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce AT lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwM8rsACgkQNxpp46476aqiMQCfZmJr090XSr9fDzJ6xIIC6qKw
imoAn2qnpAr7dXW3rJL8keHEQhqKOUqX
=ory/
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20100607132307.GA6693 AT SD6-Casa.iuculano.it">http://lists.debian.org/20100607132307.GA6693 AT SD6-Casa.iuculano.it
- [IT-SecurityNotifies] [SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities, Giuseppe Iuculano, 07.06.2010
Archiv bereitgestellt durch MHonArc 2.6.19.