==========================================================Ubuntu Security Notice USN-671-1 November 17, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.11
Ubuntu 7.10:
mysql-server-5.0 5.0.45-1ubuntu3.4
Ubuntu 8.04 LTS:
mysql-server-5.0 5.0.51a-3ubuntu5.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the
DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege
checks. This update alters table creation behaviour by disallowing the
use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY
options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)
It was discovered that MySQL did not handle empty bit-string literals
properly. An attacker could exploit this problem and cause the MySQL
server to crash, leading to a denial of service. (CVE-2008-3963)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 166038 5bb9d1f41b8a34e3f935d87cf8ea553c
Size/MD5: 1124 dfb2b087d32df29aa9697dd004c488c4
Size/MD5: 18446645 2b8f36364373461190126817ec872031
Architecture independent packages:
Size/MD5: 38944 2f54e68e4fa140998c0cb78a70fc119e
Size/MD5: 41488 ef268bffd224ccf90dd590820de702a7
Size/MD5: 38948 6bd7b45911f2bacec67d578ee812f110
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 6729886 af2c395368182937c76d5f165d478df3
Size/MD5: 1423924 58ca08b4eef39c0e2d34aaa2cddf42cb
Size/MD5: 6897622 fc9e0c76dbde4321de287a102c002db2
Size/MD5: 22493516 ec7f8f5c669bb7f1ca0b7d54bd63ca7d
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 6142732 d411a303d293fd8559f042ce230615d1
Size/MD5: 1384350 1dcfa047e463b45f45942ac0bea623b1
Size/MD5: 6280092 9a555aa506be5086d952af12afbf5b3d
Size/MD5: 21352916 0285f357ed2a35ecbd81b7f13fcbe0dd
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 6886660 c3f1cef7637a94b3c4ba3d3cc74a4a36
Size/MD5: 1464208 1ab2aa38f4e27b74e3d3e962e44977e3
Size/MD5: 6944814 311ed284fb1456d3e20fc49b53ae1020
Size/MD5: 22708138 87480f1d414b63dd32f9bc017786573e
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 6435552 66ae0f7ef9fef58a118965e54af6d751
Size/MD5: 1436346 e2c0b9566472e770eb2d58be24de248c
Size/MD5: 6542200 09a89f54af6584167a1cae9cffbc735f
Size/MD5: 21974286 cab9ee96e01b4df8243bf74767819088
Updated packages for Ubuntu 7.10:
Source archives:
Size/MD5: 243362 6b79d30861b757447d41706e3731e395
Size/MD5: 1302 9a87569e45aded8c98c43d53c12d30de
Size/MD5: 17801680 ab450aa2e9b89f3b4e01fd12375b1bee
Architecture independent packages:
Size/MD5: 48538 8338809ac72972866d2363a6ce681c15
Size/MD5: 56744 71342b47c409b2b4e4ead8c8cef4e7f8
Size/MD5: 50738 2e37d678979ce0a893092d1ff949d4e1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 7564626 120e18e6fc2d3208b0531cac5d8209a0
Size/MD5: 1917186 838695d874b436643792bec417299410
Size/MD5: 7999284 e73b18453d17f783e5e4c4653e7ff893
Size/MD5: 27571570 6f0e6edd92ab9f107149952c4fc5e14d
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 7043450 a33ba64ed57deb1bef09ddae94abe8c0
Size/MD5: 1867614 f16cc5ff9ffdf951f47da895a4f40f93
Size/MD5: 7497426 43ab893a69ae8bf09d8795281509d50d
Size/MD5: 26786564 33eceaf638a2d9042d32b41b2498394a
lpia architecture (Low Power Intel Architecture):
Size/MD5: 7023394 ce3cbd8d1d3636158e26aac448f17e6e
Size/MD5: 1843862 33187655eeaf528d82620681bab73a9b
Size/MD5: 7518330 457f957ebbf1cc88d7bd433354b99d8b
Size/MD5: 26760376 b52d4eea4a46f8eab45d1b991dd6bfae
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 7762838 9ba0474b47f276590162a3c85c0d382f
Size/MD5: 1949498 2fe6fd7147097a2dbe1768b12a505fc9
Size/MD5: 8066000 0a14243fe3631806abb5de27bd3e03dc
Size/MD5: 28023398 138612db5e9249bb2c54f4d71a0914d3
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 7173132 2b4016c87626737b6a970ed169c80a24
Size/MD5: 1877642 14963beda22c01f734c403822d561ef8
Size/MD5: 7583722 c1a60b545f38172c683d76ea953f41f6
Size/MD5: 27140728 b79d11ad9b4cf9b20a92ca1bfccf6eeb
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 314416 a98a2519ef59bc5b0cef4940c4961f35
Size/MD5: 1430 57f5a32ccf3d46aefcb56407fc238007
Size/MD5: 17946664 6fae978908ad5eb790fa3f24f16dadba
Architecture independent packages:
Size/MD5: 52052 8200893fa342e477a2af354d141015e7
Size/MD5: 60302 8e8d4aa0af490eeadde3d1684c669de1
Size/MD5: 54240 34a21b40b4e18dd8dbfbf5ca30fd8e53
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 7594702 71f4511bd9ce2275d080bf4f27e8f4dd
Size/MD5: 1877812 afa3900abcb025df70ccc444444a006a
Size/MD5: 8241010 cdb59824c82d8412a4f324f38f9c1260
Size/MD5: 28018274 b106f4f668381cd55a5da7d40be9e7ce
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 7216262 f252c8299c00e805022a99374561eeba
Size/MD5: 1836766 247b3c027653b3f6cd9b89320ba7572e
Size/MD5: 7826312 f948d312520c64c0d73982e162201f09
Size/MD5: 27427752 090b315903161e7f72d0b7e2be804ee1
lpia architecture (Low Power Intel Architecture):
Size/MD5: 7160694 d0bd82cf31dae1cec8ca04241baba49d
Size/MD5: 1826820 3bb18a419dceccfb58aa5d3cd99bf31a
Size/MD5: 7840058 80f24b9ce82a2f93f4ed8ce635114e7a
Size/MD5: 27357990 65e92cb0e552509a820410351456fa97
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 7587468 045eee93159914db564084d88a3d5304
Size/MD5: 1915302 eef9aedee7b37cb81a9a980d42049406
Size/MD5: 8241574 7f57a684310fe601446729a3e539b49f
Size/MD5: 28344344 d3be9955a55a22ced19fe9d25b129bd6
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 7199786 d2c692836274f21677499177121e046b
Size/MD5: 1846000 b0456b96173850dfa4eb597c4d42f4ac
Size/MD5: 7830916 cd55ac1ad14ce9713de2e8c9397c1018
Size/MD5: 27642386 8cf989c15071150c10abc1175c048022
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
