Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in MySQL
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in MySQL
ID: USN-283-1
Distribution: Ubuntu
Plattformen: Ubuntu 5.04, Ubuntu 5.10
Datum: Mo, 8. Mai 2006, 15:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
Applikationen: MySQL

Originalnachricht


--===============1859979722==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="k1lZvvs/B4yU6o8G"
Content-Disposition: inline


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-283-1 May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mysql-server
mysql-server-4.1

The problem can be corrected by upgrading the affected package to
version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2
(mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1
for Ubuntu 5.10). In general, a standard system upgrade is sufficient
to effect the necessary changes.

Details follow:

Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)


Updated packages for Ubuntu 5.04:

Source archives:

mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz
Size/MD5: 345474 a03d04b6232f33905f239248035f3c38
mysql-dfsg_4.0.23-3ubuntu2.3.dsc
Size/MD5: 891 f45ff763a72c15171cad1162886f35de
mysql-dfsg_4.0.23.orig.tar.gz
Size/MD5: 9814467 5eec8f66ed48c6ff92e73161651a492b

Architecture independent packages:

mysql-common_4.0.23-3ubuntu2.3_all.deb
Size/MD5: 32208 366666fa86a1832df41a6371ab247a13

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 2866464 bd0a5bcdee56e03cbecb27753e0f9f96
libmysqlclient12_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 307028 3de11414c948eb5ba7cdd0a83eeb96f7
mysql-client_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 431620 d90f664ce975be92b926fd5b9d2429ab
mysql-server_4.0.23-3ubuntu2.3_amd64.deb
Size/MD5: 3628942 9596aa1a65337b9b9dbf642c0bd9794d

i386 architecture (x86 compatible Intel/AMD)

libmysqlclient12-dev_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 2826196 0762c6d6057e91dae14ade788b45afba
libmysqlclient12_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 289722 1a4a652c075dcab324c7e4f3f6384d1f
mysql-client_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 404788 e6dcfc067fbae77ce3421a8d8dfdf8cc
mysql-server_4.0.23-3ubuntu2.3_i386.deb
Size/MD5: 3537800 ca606ecc15afb3cce2c295aa1f9ab344

powerpc architecture (Apple Macintosh G3/G4/G5)

libmysqlclient12-dev_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 3179856 dce3423162923cfc56b1ac6b79e07e07
libmysqlclient12_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 312632 8cfae324093e3ea018d539d1183133d2
mysql-client_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 462406 96c5db41bc684ebc7754145b52beea3e
mysql-server_4.0.23-3ubuntu2.3_powerpc.deb
Size/MD5: 3839416 0268c71659e4c1cbaa07a88051a4db56


Updated packages for Ubuntu 5.10:

Source archives:

mysql-dfsg-4.1_4.1.12-1ubuntu3.3.diff.gz
Size/MD5: 162244 fddf1e4d87d56438a65315e3df406b49
mysql-dfsg-4.1_4.1.12-1ubuntu3.3.dsc
Size/MD5: 1024 adf2851ddc2685c8071330f3d6587ddf
mysql-dfsg-4.1_4.1.12.orig.tar.gz
Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
mysql-dfsg_4.0.24-10ubuntu2.2.diff.gz
Size/MD5: 98632 35543de80b68e132078805f930c22cc3
mysql-dfsg_4.0.24-10ubuntu2.2.dsc
Size/MD5: 964 a3306800e3fb87b1ba6425e1675a1c70
mysql-dfsg_4.0.24.orig.tar.gz
Size/MD5: 9923794 aed8f335795a359f32492159e3edfaa3

Architecture independent packages:

mysql-common-4.1_4.1.12-1ubuntu3.3_all.deb
Size/MD5: 36412 1ff53ed798ff3e764776232c5b9ed8a2
mysql-common_4.0.24-10ubuntu2.2_all.deb
Size/MD5: 34874 2237d7dee140b8a1c25fd0495b71c590

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libmysqlclient12-dev_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 3231484 744f672b3638271f538859fead4086e3
libmysqlclient12_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 307940 4dfd1900c36aecbc840e69d246e55ffc
libmysqlclient14-dev_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 5830998 ad3e828060133fb423f98ace529022d3
libmysqlclient14_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 1539694 9b8cd250044091a4a659ac8d3edd914a
mysql-client-4.1_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 897782 09e8a26e30ced2274986b76483952d18
mysql-client_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 439708 8d3c1f429dd4df1fca98dbfc7826641b
mysql-server-4.1_4.1.12-1ubuntu3.3_amd64.deb
Size/MD5: 18429678 c2584ea7c9ab83720f9dcdc9b425f080
mysql-server_4.0.24-10ubuntu2.2_amd64.deb
Size/MD5: 3922172 8e6e94953f530e0e95f0e4cd7c64e5d9

i386 architecture (x86 compatible Intel/AMD)

libmysqlclient12-dev_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 2868602 bfb0d0580d0a1434e5d6168a9964afe1
libmysqlclient12_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 291768 c1d98662f9ee65b7e03a42ba37b71ed8
libmysqlclient14-dev_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 5347206 e3d8e9e5f4fd1f5a8966d9535233d01c
libmysqlclient14_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 1474730 25ee2f76ad4a8ee8a71c93c21be8e75c
mysql-client-4.1_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 865934 82a45bd5ea12d4b2b80341ac8a99e5a7
mysql-client_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 413660 44384cf27d24c0b402182d61dbf954ca
mysql-server-4.1_4.1.12-1ubuntu3.3_i386.deb
Size/MD5: 17335996 0f182836baf752da5614df0e07b59fdf
mysql-server_4.0.24-10ubuntu2.2_i386.deb
Size/MD5: 3555698 8ba9724a80d6dba7a9a9ba88567a597f

powerpc architecture (Apple Macintosh G3/G4/G5)

libmysqlclient12-dev_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 3090218 f9affc50377eb158f6ebb17e8461b293
libmysqlclient12_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 305738 5d2b428dc00828d93bda45278b953c69
libmysqlclient14-dev_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 6067794 3a9b7587c906545ba6f27f275c6ab1c4
libmysqlclient14_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 1547882 bc20a7b7659aba5ce22dc6a2cf0a6a6f
mysql-client-4.1_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 937142 b3aae00524eb4fbdbfda3d16cfdb647c
mysql-client_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 453620 043b3b5ed7e7cee2f620aa1a3160ba5f
mysql-server-4.1_4.1.12-1ubuntu3.3_powerpc.deb
Size/MD5: 18521840 59456b5875845e245d6698ce4020012f
mysql-server_4.0.24-10ubuntu2.2_powerpc.deb
Size/MD5: 3664314 e3405e9c5f9202255e7e7d2c1b340815

--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEX0M8DecnbV4Fd/IRAiQjAKDMvMxBCcAzao3ZnBFwYE6yS0ErIACg2ROf
q2XLkwwPQOe0amlskFi6BaQ=
=GJoi
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--


--===============1859979722==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1859979722==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung