drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in MySQL
Name: |
Preisgabe von Informationen in MySQL |
|
ID: |
USN-283-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Mo, 8. Mai 2006, 15:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517 |
|
Applikationen: |
MySQL |
|
Originalnachricht |
--===============1859979722== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline
--k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-283-1 May 08, 2006 mysql-dfsg-4.1, mysql-dfsg vulnerabilities CVE-2006-1516, CVE-2006-1517 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
mysql-server mysql-server-4.1
The problem can be corrected by upgrading the affected package to version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2 (mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1 for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517)
Updated packages for Ubuntu 5.04:
Source archives:
mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz Size/MD5: 345474 a03d04b6232f33905f239248035f3c38 mysql-dfsg_4.0.23-3ubuntu2.3.dsc Size/MD5: 891 f45ff763a72c15171cad1162886f35de mysql-dfsg_4.0.23.orig.tar.gz Size/MD5: 9814467 5eec8f66ed48c6ff92e73161651a492b
Architecture independent packages:
mysql-common_4.0.23-3ubuntu2.3_all.deb Size/MD5: 32208 366666fa86a1832df41a6371ab247a13
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb Size/MD5: 2866464 bd0a5bcdee56e03cbecb27753e0f9f96 libmysqlclient12_4.0.23-3ubuntu2.3_amd64.deb Size/MD5: 307028 3de11414c948eb5ba7cdd0a83eeb96f7 mysql-client_4.0.23-3ubuntu2.3_amd64.deb Size/MD5: 431620 d90f664ce975be92b926fd5b9d2429ab mysql-server_4.0.23-3ubuntu2.3_amd64.deb Size/MD5: 3628942 9596aa1a65337b9b9dbf642c0bd9794d
i386 architecture (x86 compatible Intel/AMD)
libmysqlclient12-dev_4.0.23-3ubuntu2.3_i386.deb Size/MD5: 2826196 0762c6d6057e91dae14ade788b45afba libmysqlclient12_4.0.23-3ubuntu2.3_i386.deb Size/MD5: 289722 1a4a652c075dcab324c7e4f3f6384d1f mysql-client_4.0.23-3ubuntu2.3_i386.deb Size/MD5: 404788 e6dcfc067fbae77ce3421a8d8dfdf8cc mysql-server_4.0.23-3ubuntu2.3_i386.deb Size/MD5: 3537800 ca606ecc15afb3cce2c295aa1f9ab344
powerpc architecture (Apple Macintosh G3/G4/G5)
libmysqlclient12-dev_4.0.23-3ubuntu2.3_powerpc.deb Size/MD5: 3179856 dce3423162923cfc56b1ac6b79e07e07 libmysqlclient12_4.0.23-3ubuntu2.3_powerpc.deb Size/MD5: 312632 8cfae324093e3ea018d539d1183133d2 mysql-client_4.0.23-3ubuntu2.3_powerpc.deb Size/MD5: 462406 96c5db41bc684ebc7754145b52beea3e mysql-server_4.0.23-3ubuntu2.3_powerpc.deb Size/MD5: 3839416 0268c71659e4c1cbaa07a88051a4db56
Updated packages for Ubuntu 5.10:
Source archives:
mysql-dfsg-4.1_4.1.12-1ubuntu3.3.diff.gz Size/MD5: 162244 fddf1e4d87d56438a65315e3df406b49 mysql-dfsg-4.1_4.1.12-1ubuntu3.3.dsc Size/MD5: 1024 adf2851ddc2685c8071330f3d6587ddf mysql-dfsg-4.1_4.1.12.orig.tar.gz Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f mysql-dfsg_4.0.24-10ubuntu2.2.diff.gz Size/MD5: 98632 35543de80b68e132078805f930c22cc3 mysql-dfsg_4.0.24-10ubuntu2.2.dsc Size/MD5: 964 a3306800e3fb87b1ba6425e1675a1c70 mysql-dfsg_4.0.24.orig.tar.gz Size/MD5: 9923794 aed8f335795a359f32492159e3edfaa3
Architecture independent packages:
mysql-common-4.1_4.1.12-1ubuntu3.3_all.deb Size/MD5: 36412 1ff53ed798ff3e764776232c5b9ed8a2 mysql-common_4.0.24-10ubuntu2.2_all.deb Size/MD5: 34874 2237d7dee140b8a1c25fd0495b71c590
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libmysqlclient12-dev_4.0.24-10ubuntu2.2_amd64.deb Size/MD5: 3231484 744f672b3638271f538859fead4086e3 libmysqlclient12_4.0.24-10ubuntu2.2_amd64.deb Size/MD5: 307940 4dfd1900c36aecbc840e69d246e55ffc libmysqlclient14-dev_4.1.12-1ubuntu3.3_amd64.deb Size/MD5: 5830998 ad3e828060133fb423f98ace529022d3 libmysqlclient14_4.1.12-1ubuntu3.3_amd64.deb Size/MD5: 1539694 9b8cd250044091a4a659ac8d3edd914a mysql-client-4.1_4.1.12-1ubuntu3.3_amd64.deb Size/MD5: 897782 09e8a26e30ced2274986b76483952d18 mysql-client_4.0.24-10ubuntu2.2_amd64.deb Size/MD5: 439708 8d3c1f429dd4df1fca98dbfc7826641b mysql-server-4.1_4.1.12-1ubuntu3.3_amd64.deb Size/MD5: 18429678 c2584ea7c9ab83720f9dcdc9b425f080 mysql-server_4.0.24-10ubuntu2.2_amd64.deb Size/MD5: 3922172 8e6e94953f530e0e95f0e4cd7c64e5d9
i386 architecture (x86 compatible Intel/AMD)
libmysqlclient12-dev_4.0.24-10ubuntu2.2_i386.deb Size/MD5: 2868602 bfb0d0580d0a1434e5d6168a9964afe1 libmysqlclient12_4.0.24-10ubuntu2.2_i386.deb Size/MD5: 291768 c1d98662f9ee65b7e03a42ba37b71ed8 libmysqlclient14-dev_4.1.12-1ubuntu3.3_i386.deb Size/MD5: 5347206 e3d8e9e5f4fd1f5a8966d9535233d01c libmysqlclient14_4.1.12-1ubuntu3.3_i386.deb Size/MD5: 1474730 25ee2f76ad4a8ee8a71c93c21be8e75c mysql-client-4.1_4.1.12-1ubuntu3.3_i386.deb Size/MD5: 865934 82a45bd5ea12d4b2b80341ac8a99e5a7 mysql-client_4.0.24-10ubuntu2.2_i386.deb Size/MD5: 413660 44384cf27d24c0b402182d61dbf954ca mysql-server-4.1_4.1.12-1ubuntu3.3_i386.deb Size/MD5: 17335996 0f182836baf752da5614df0e07b59fdf mysql-server_4.0.24-10ubuntu2.2_i386.deb Size/MD5: 3555698 8ba9724a80d6dba7a9a9ba88567a597f
powerpc architecture (Apple Macintosh G3/G4/G5)
libmysqlclient12-dev_4.0.24-10ubuntu2.2_powerpc.deb Size/MD5: 3090218 f9affc50377eb158f6ebb17e8461b293 libmysqlclient12_4.0.24-10ubuntu2.2_powerpc.deb Size/MD5: 305738 5d2b428dc00828d93bda45278b953c69 libmysqlclient14-dev_4.1.12-1ubuntu3.3_powerpc.deb Size/MD5: 6067794 3a9b7587c906545ba6f27f275c6ab1c4 libmysqlclient14_4.1.12-1ubuntu3.3_powerpc.deb Size/MD5: 1547882 bc20a7b7659aba5ce22dc6a2cf0a6a6f mysql-client-4.1_4.1.12-1ubuntu3.3_powerpc.deb Size/MD5: 937142 b3aae00524eb4fbdbfda3d16cfdb647c mysql-client_4.0.24-10ubuntu2.2_powerpc.deb Size/MD5: 453620 043b3b5ed7e7cee2f620aa1a3160ba5f mysql-server-4.1_4.1.12-1ubuntu3.3_powerpc.deb Size/MD5: 18521840 59456b5875845e245d6698ce4020012f mysql-server_4.0.24-10ubuntu2.2_powerpc.deb Size/MD5: 3664314 e3405e9c5f9202255e7e7d2c1b340815
--k1lZvvs/B4yU6o8G Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEX0M8DecnbV4Fd/IRAiQjAKDMvMxBCcAzao3ZnBFwYE6yS0ErIACg2ROf q2XLkwwPQOe0amlskFi6BaQ= =GJoi -----END PGP SIGNATURE-----
--k1lZvvs/B4yU6o8G--
--===============1859979722== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1859979722==--
|
|
|
|