drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in mysql-dfsg-4.1 (Aktualisierung)
Name: |
Pufferüberlauf in mysql-dfsg-4.1 (Aktualisierung) |
|
ID: |
DSA-833-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sarge |
|
Datum: |
Di, 4. Oktober 2005, 20:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
http://www.securityfocus.com/bid/14509 |
|
Applikationen: |
MySQL |
|
Update von: |
Pufferüberlauf in mysql-dfsg-4.1 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- -------------------------------------------------------------------------- Debian Security Advisory DSA 833-2 security@debian.org http://www.debian.org/security/ Martin Schulze October 4th, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------
Package : mysql-dfsg-4.1 Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CAN-2005-2558 BugTraq ID : 14509
A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.
The following vulnerability matrix explains which version of MySQL in which distribution has this problem fixed:
woody sarge sid mysql 3.23.49-8.14 n/a n/a mysql-dfsg n/a 4.0.24-10sarge1 4.0.24-10sarge1 mysql-dfsg-4.1 n/a 4.1.11a-4sarge2 4.1.14-2 mysql-dfsg-5.0 n/a n/a 5.0.11beta-3
This update only covers binary packages for the big endian MIPS architecture that was mysteriously forgotton in the earlier update.
We recommend that you upgrade your mysql-dfsg-4.1 packages.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - --------------------------------
Source archives:
mysql-dfsg-4.1_4.1.11a-4sarge2.dsc Size/MD5 checksum: 1021 ef5b7f754fd69c6ddf96185a9ea99d8c mysql-dfsg-4.1_4.1.11a-4sarge2.diff.gz Size/MD5 checksum: 163217 c22faa82cad1a38568146d03a316b4c3 mysql-dfsg-4.1_4.1.11a.orig.tar.gz Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3
Architecture independent components:
mysql-common-4.1_4.1.11a-4sarge2_all.deb Size/MD5 checksum: 35758 f4c17c57aaed4aba0d06b22391a443ff
Big endian MIPS architecture:
libmysqlclient14_4.1.11a-4sarge2_mips.deb Size/MD5 checksum: 1477872 22fec72fd66a24a4f0d908dcaa23e64f libmysqlclient14-dev_4.1.11a-4sarge2_mips.deb Size/MD5 checksum: 6051732 6eb05337947f14fc0db2989a64db67d5 mysql-client-4.1_4.1.11a-4sarge2_mips.deb Size/MD5 checksum: 903670 38af0c111d89ed2455f418da9aafdb56 mysql-server-4.1_4.1.11a-4sarge2_mips.deb Size/MD5 checksum: 15407526 d728af32519bf4ca50b96dd37998631d
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDQsQlW5ql+IAeqTIRAphAAJ9ffM7AhwkAdhyThzzGz/GliGZWIwCgmrl0 Y4NLJYnxxnER4q7ZjLLYXxc= =plXv -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|