remove

Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 707-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                             Martin Schulze
> April 13th, 2005                        http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : mysql
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0957
> BugTraq ID     : 12781
> Debian Bug     : 285276 296674 300158
>
> Several vulnerabilities have been discovered in MySQL, a popular
> database. The Common Vulnerabilities and Exposures project identifies
> the following problems:
>
> CAN-2004-0957
>
>     Sergei Golubchik discovered a problem in the access handling for
>     similar named databases. If a user is granted privileges to a
>     database with a name containing an underscore ("_"), the user also
>     gains privileges to other databases with similar names.
>
> CAN-2005-0709
>
>     Stefano Di Paola discovered that MySQL allows remote
>     authenticated users with INSERT and DELETE privileges to execute
>     arbitrary code by using CREATE FUNCTION to access libc calls.
>
> CAN-2005-0710
>
>     Stefano Di Paola discovered that MySQL allows remote authenticated
>     users with INSERT and DELETE privileges to bypass library path
>     restrictions and execute arbitrary libraries by using INSERT INTO
>     to modify the mysql.func table.
>
> CAN-2005-0711
>
>     Stefano Di Paola discovered that MySQL uses predictable file names
>     when creating temporary tables, which allows local users with
>     CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via
>     a symlink attack.
>
> For the stable distribution (woody) these problems have been fixed in
> version 3.23.49-8.11.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of
> mysql-dfsg-4.1.
>
> We recommend that you upgrade your mysql packages.
>
>
> Upgrade Instructions
> --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [email protected]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
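An added example, not part of the advisory or of the reply above: an audit for the over-broad database grants described under CAN-2004-0957. It assumes that `_` and `%` in a database-level grant name behave as LIKE-style wildcards unless escaped with a backslash; the grant rows and database names are constructed sample data.

```python
import re

# Constructed sample data (not from the advisory): (user, Db pattern) rows as
# they might appear in the mysql.db grant table, and the databases that exist.
GRANTS = [
    ("alice", "shop_test"),    # unescaped "_" acts as a single-character wildcard
    ("bob", r"shop\_prod"),    # escaped "_" matches only a literal underscore
    ("carol", "reports"),      # no wildcard characters at all
]
DATABASES = ["shop_test", "shopXtest", "shop1test",
             "shop_prod", "shopXprod", "reports"]


def pattern_to_regex(db_pattern):
    """Translate a LIKE-style Db pattern (_ and %, backslash escapes) to a regex."""
    out, i = [], 0
    while i < len(db_pattern):
        ch = db_pattern[i]
        if ch == "\\" and i + 1 < len(db_pattern):
            out.append(re.escape(db_pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        out.append("." if ch == "_" else ".*" if ch == "%" else re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def literal_name(db_pattern):
    """The name the administrator most likely meant: the pattern without escapes."""
    return re.sub(r"\\(.)", r"\1", db_pattern)


def audit(grants, databases):
    """Return {(user, pattern): [databases matched beyond the intended one]}."""
    findings = {}
    for user, pattern in grants:
        rx = pattern_to_regex(pattern)
        intended = literal_name(pattern)
        extra = [d for d in databases if d != intended and rx.fullmatch(d)]
        if extra:
            findings[(user, pattern)] = extra
    return findings


if __name__ == "__main__":
    for (user, pattern), extra in audit(GRANTS, DATABASES).items():
        print(f"{user}: grant on {pattern!r} also covers {extra}")
```
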

