Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in MySQL
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in MySQL
ID: USN-63-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Di, 18. Januar 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0004
Applikationen: MySQL

Originalnachricht

 
===========================================================
Ubuntu Security Notice USN-63-1		   January 18, 2005
mysql-dfsg vulnerability
CAN-2005-0004
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mysql-client

The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the "mysqlaccess" program
created temporary files in an insecure manner. This could allow a
symbolic link attack to create or overwrite arbitrary files with the
privileges of the user invoking the program.

  Source archives:

    mysql-dfsg_4.0.20-2ubuntu1.2.diff.gz
      Size/MD5:   166762 9539079855c393735822c2a81066fc4f
    mysql-dfsg_4.0.20-2ubuntu1.2.dsc
      Size/MD5:      892 ffefecd7367ae204441e9c578ef99c80
    mysql-dfsg_4.0.20.orig.tar.gz
      Size/MD5:  9760117 f092867f6df2f50b34b8065312b9fb2b

  Architecture independent packages:

    mysql-common_4.0.20-2ubuntu1.2_all.deb
      Size/MD5:    24118 f4dc709c79ba5d369897ff900c902d71

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    libmysqlclient-dev_4.0.20-2ubuntu1.2_amd64.deb
      Size/MD5:  2809872 a55c0f636b25edd5d13c0d803338488d
    libmysqlclient12_4.0.20-2ubuntu1.2_amd64.deb
      Size/MD5:   304142 b86111022aa1c15af7f7f3036f5433be
    mysql-client_4.0.20-2ubuntu1.2_amd64.deb
      Size/MD5:   422204 f9bc9eb8cd9ac67e52eaa524e57bac99
    mysql-server_4.0.20-2ubuntu1.2_amd64.deb
      Size/MD5:  3576784 d53773fbd06bb053f0a46e529aa38eee

  i386 architecture (x86 compatible Intel/AMD)

    libmysqlclient-dev_4.0.20-2ubuntu1.2_i386.deb
      Size/MD5:  2773210 a6852a3f424271259b39bb03bb461b04
    libmysqlclient12_4.0.20-2ubuntu1.2_i386.deb
      Size/MD5:   287134 a21f225c8fa3330a43927745011c205f
    mysql-client_4.0.20-2ubuntu1.2_i386.deb
      Size/MD5:   396138 0c2b5af3861525c81f2ff1ff220ecec9
    mysql-server_4.0.20-2ubuntu1.2_i386.deb
      Size/MD5:  3485736 1604893d7116f1a157bd21ba1691cf10

  powerpc architecture (Apple Macintosh G3/G4/G5)

    libmysqlclient-dev_4.0.20-2ubuntu1.2_powerpc.deb
      Size/MD5:  3109196 55cfe8be306fcf4b52b28dcd71b5f248
    libmysqlclient12_4.0.20-2ubuntu1.2_powerpc.deb
      Size/MD5:   307810 214c3513201913fe536530c9635a260e
    mysql-client_4.0.20-2ubuntu1.2_powerpc.deb
      Size/MD5:   451622 990dc682f047b6f90ada50cbaa68bd99
    mysql-server_4.0.20-2ubuntu1.2_powerpc.deb
      Size/MD5:  3769240 007381b48ea3e942fd46d91321422673



-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung