Nice one bro :)

2010/6/14 Wojtek Burakiewicz <[email protected]>

> excuse me if anyone got my previous email.
> NL just scored a goal so I sent to a wrong address
>
>
> On Mon, Jun 14, 2010 at 2:31 PM, Wojtek Burakiewicz <[email protected]> wrote:
>
>> seems like crap to me!
>>
>>
>>
>> On Mon, Jun 7, 2010 at 3:23 PM, Giuseppe Iuculano <[email protected]> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> - ------------------------------------------------------------------------
>>> Debian Security Advisory DSA-2057-1                  [email protected]
>>> http://www.debian.org/security/                        Giuseppe Iuculano
>>> June 07, 2010                         http://www.debian.org/security/faq
>>> - ------------------------------------------------------------------------
>>>
>>> Package        : mysql-dfsg-5.0
>>> Vulnerability  : several
>>> Problem type   : remote
>>> Debian-specific: no
>>> CVE Id(s)      : CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850
>>>
>>> Several vulnerabilities have been discovered in the MySQL
>>> database server.
>>> The Common Vulnerabilities and Exposures project identifies the
>>> following problems:
>>>
>>>
>>> CVE-2010-1626
>>>
>>> MySQL allows local users to delete the data and index files of another
>>> user's MyISAM table via a symlink attack in conjunction with the DROP
>>> TABLE command.
>>>
>>>
>>> CVE-2010-1848
>>>
>>> MySQL failed to check the table name argument of a COM_FIELD_LIST
>>> command packet for validity and compliance to acceptable table name
>>> standards. This allows an authenticated user with SELECT privileges on
>>> one table to obtain the field definitions of any table in all other
>>> databases and potentially of other MySQL instances accessible from the
>>> server's file system.
>>>
>>>
>>> CVE-2010-1849
>>>
>>> MySQL could be tricked to read packets indefinitely if it received a
>>> packet larger than the maximum size of one packet.
>>> This results in high CPU usage and thus denial of service conditions.
>>>
>>>
>>> CVE-2010-1850
>>>
>>> MySQL was susceptible to a buffer-overflow attack due to a
>>> failure to perform bounds checking on the table name argument of a
>>> COM_FIELD_LIST command packet. By sending long data for the table
>>> name, a buffer is overflown, which could be exploited by an
>>> authenticated user to inject malicious code.
>>>
>>>
>>> For the stable distribution (lenny), these problems have been fixed in
>>> version 5.0.51a-24+lenny4
>>>
>>> The testing (squeeze) and unstable (sid) distribution do not contain
>>> mysql-dfsg-5.0 anymore.
>>>
>>> We recommend that you upgrade your mysql-dfsg-5.0 package.
>>>
>>> Upgrade instructions
>>> - --------------------
>>>
>>> wget url
>>>        will fetch the file for you
>>> dpkg -i file.deb
>>>        will install the referenced file.
>>>
>>> If you are using the apt-get package manager, use the line for
>>> sources.list as given below:
>>>
>>> apt-get update
>>>        will update the internal database
>>> apt-get upgrade
>>>        will install corrected packages
>>>
>>> You may use an automated update by adding the resources from the
>>> footer to the proper configuration.
>>>
>>>
>>> Debian GNU/Linux 5.0 alias lenny
>>> - --------------------------------
>>>
>>> Debian (stable)
>>> - ---------------
>>>
>>> Stable updates are available for alpha, amd64, arm, armel, hppa, i386,
>>> ia64, mips, mipsel, powerpc, s390 and sparc.
>>>
>>>
>>>  These files will probably be moved into the stable distribution on
>>>  its next update.
>>>
>>> - ---------------------------------------------------------------------------------
>>> For apt-get: deb http://security.debian.org/ stable/updates main
>>> For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
>>> Mailing list: [email protected]
>>> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.10 (GNU/Linux)
>>>
>>> iEYEARECAAYFAkwM8rsACgkQNxpp46476aqiMQCfZmJr090XSr9fDzJ6xIIC6qKw
>>> imoAn2qnpAr7dXW3rJL8keHEQhqKOUqX
>>> =ory/
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>
>


-- 
Wojciech Ziniewicz
http://www.rfc-editor.org/rfc/rfc2324.txt
