Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New mysql packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 829-1                                        Martin Schulze
September 30, 2005            
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2558
BugTraq ID     : 14509

A stack-based buffer overflow in the init_syms function of MySQL, a
popular database, has been discovered that allows remote authenticated
users who can create user-defined functions to execute arbitrary code
via a long function_name field.  The ability to create user-defined
functions is not typically granted to untrusted users.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                     woody              sarge              sid
mysql             3.23.49-8.14           n/a               n/a
mysql-dfsg            n/a          4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1        n/a          4.1.11a-4sarge2        4.1.14-2
mysql-dfsg-5.0        n/a                n/a            5.0.11beta-3

We recommend that you upgrade your mysql packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      877 6c46a2c935eb285140da38fe19a93382
      Size/MD5 checksum:    85549 ebd8c30055708a455cb4ccd064a931f5
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:
      Size/MD5 checksum:    18490 0663194884fd4c4d066bac4a6df5f0e3
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:
      Size/MD5 checksum:   279812 5fc369c5e55b75b54f1f96600efc7611
      Size/MD5 checksum:   781182 06317a1507de6299aa2f7af79e1c47b7
      Size/MD5 checksum:   165206 f8f3a7c3f5b93be123648f61ef7d3e42
      Size/MD5 checksum:  3637322 7e0dcbe056038813b79059209109c817

  ARM architecture:
      Size/MD5 checksum:   240302 f38ae36e250a08516e84d74b5933da3c
      Size/MD5 checksum:   636894 ee11f194944a0944ee69f282ef93a6db
      Size/MD5 checksum:   125556 63e9a21903d558aa31872c96b5b0a9f2
      Size/MD5 checksum:  2809136 6b7eb832b271f2e9e1bc0da437e77517

  Intel IA-32 architecture:
      Size/MD5 checksum:   236462 a88ca1a9117992e7612f67ac3c5e233b
      Size/MD5 checksum:   578470 8498436d79a3c4e0a21430c1a936f3f3
      Size/MD5 checksum:   124152 f00a5007b19df61d50f462bbf2b16eab
      Size/MD5 checksum:  2802684 0c7ae03086a6fb616f25d11a12f59dd3

  Intel IA-64 architecture:
      Size/MD5 checksum:   317096 8fd6cc4430b0be71e8e3e29653d1c385
      Size/MD5 checksum:   850834 25ee3b8c128001bc812b07106bca1919
      Size/MD5 checksum:   175374 33057b4bd48a10afeed341bc5326df2d
      Size/MD5 checksum:  4001596 c2553b10eaa03c0086cd045c6645fa21

  HP Precision architecture:
      Size/MD5 checksum:   282714 a4beafeb9dbef09d855fbbae69593a9a
      Size/MD5 checksum:   746106 da172b65b2476554fda7f76d23b2ddf8
      Size/MD5 checksum:   142182 310f0ef1682301e22c49004db4dccaa6
      Size/MD5 checksum:  3516838 bdd5466d02128d767ec9e95259d0c478

  Motorola 680x0 architecture:
      Size/MD5 checksum:   229626 11819aa106d97c216a58992d38741384
      Size/MD5 checksum:   559644 dda615853fac6ff347c2c28f34a8ad89
      Size/MD5 checksum:   119980 83773f99d401e676f524d31afc98cf0f
      Size/MD5 checksum:  2649554 812c67dd1714acc49437c3d103a58fcf

  Big endian MIPS architecture:
      Size/MD5 checksum:   252912 f4a651db3d6d21e85e8a2ba1b90c71bd
      Size/MD5 checksum:   691086 1d8b5a6120ab33e263b798fbde56cd0d
      Size/MD5 checksum:   135446 14cf2bf322b0c4d97169a48b3c465088
      Size/MD5 checksum:  2851490 34c1dcf229f22b27f10881e7d178eff8

  Little endian MIPS architecture:
      Size/MD5 checksum:   252578 b30b1e6efcb6d814fc2f54ce01cbcbc2
      Size/MD5 checksum:   690538 0f3486135c2a9e7e2b6d539b747337a1
      Size/MD5 checksum:   135810 0a1f0808bcd847205c617f933da7ae4d
      Size/MD5 checksum:  2841096 7b75481f884758f16477c86a51bb37ae

  PowerPC architecture:
      Size/MD5 checksum:   249676 df2ce297450c8f6e6d9d485a5ac70b66
      Size/MD5 checksum:   654774 57850699654d9c713333db713e321ec1
      Size/MD5 checksum:   131016 3002fb27dc21450f4f705979d34e6664
      Size/MD5 checksum:  2826176 1becf085f621b056169693d408ad3f8c

  IBM S/390 architecture:
      Size/MD5 checksum:   251944 213455557dab1e21a6b8661b7fae0969
      Size/MD5 checksum:   609592 aac39e06ea9ecb31ce0dc03805e6b47c
      Size/MD5 checksum:   127992 69903a71808830e2b1fbc9b304810414
      Size/MD5 checksum:  2693968 2b41561b8d7c13db5c312a55e770f8e9

  Sun Sparc architecture:
      Size/MD5 checksum:   242884 6f2d616af8bc5830005f2991e93ef74f
      Size/MD5 checksum:   617996 314067541e885567bc9ba26207da7b09
      Size/MD5 checksum:   131984 2f8bdb7ec1d0069bca126cbccd64e858
      Size/MD5 checksum:  2943010 ce1e2eb8aac0dd21d1ffd5c05f8355f8

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.