Debian: New mysql-dfsg-5.0 packages fix arbitrary code
Posted by Benjamin D. Thomas   
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/ in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
------------------------------------------------------------------------
Debian Security Advisory DSA-1877-1                               Sebastien Delafond
September 02, 2009          
------------------------------------------------------------------------

Package        : mysql-dfsg-5.0
Vulnerability  : denial of service/execution of arbitrary code
Problem type   : remote (for authenticated users only)
Debian-specific: no
CVE Id(s)      : CVE-2009-2446
Debian Bug     : 536726

In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities
in the dispatch_command() function in libmysqld/ in mysqld
allow remote authenticated users to cause a denial of service (daemon
crash) and potentially the execution of arbitrary code via format
string specifiers in a database name in a COM_CREATE_DB or 
COM_DROP_DB request.
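
The bug class described above, as an added illustration (not code from MySQL or from Debian): a printf-style log helper that receives a client-supplied database name as its format string, next to the corrected call and a small log-triage check. The names log_write, log_db_command_unsafe, log_db_command_safe and name_has_conversion are hypothetical, and the sample database name is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log writer standing in for a server's
 * command log. Declaring it with __attribute__((format(printf, 3, 4)))
 * would let gcc/clang -Wformat-security flag the unsafe call below. */
static int log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* BEFORE: the client-supplied name IS the format string. Any conversion
 * specifier in it makes vsnprintf read arguments that were never passed,
 * which is undefined behaviour (crash or worse). */
int log_db_command_unsafe(char *out, size_t n, const char *db_name)
{
    return log_write(out, n, db_name);
}

/* AFTER: constant format string; the name is only ever treated as data. */
int log_db_command_safe(char *out, size_t n, const char *db_name)
{
    return log_write(out, n, "%s", db_name);
}

/* Triage helper: returns 1 if a name contains a '%' that is not the
 * literal "%%" escape, i.e. something printf would try to interpret. */
int name_has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    const char *name = "shop_%x%x"; /* constructed sample name */
    log_db_command_safe(buf, sizeof buf, name);
    printf("logged=%s suspicious=%d\n", buf, name_has_conversion(name));
    return 0;
}
```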

For the stable distribution (lenny), this problem has been fixed in
version 5.0.51a-24+lenny2.

For the old stable distribution (etch), this problem has been fixed in
version 5.0.32-7etch11.

We recommend that you upgrade your mysql packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, mips, mipsel, powerpc, and sparc.
Packages for s390 and ia64 will be provided later.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: