Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in mysql-dfsg-4.1
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in mysql-dfsg-4.1
ID: USN-321-1
Distribution: Ubuntu
Plattformen: Ubuntu 5.10
Datum: Fr, 21. Juli 2006, 16:08
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
Applikationen: MySQL

Originalnachricht

 

--===============0925267080==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="O98KdSgI27dgYlM5"
Content-Disposition: inline


--O98KdSgI27dgYlM5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-321-1              July 21, 2006
mysql-dfsg-4.1 vulnerability
CVE-2006-3469
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  mysql-server-4.1                         4.1.12-1ubuntu3.7

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg=
-4.1_4.1.12-1ubuntu3.7.diff.gz
      Size/MD5:   165177 e3f4a9d6d9803befbba2532addd92b71
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg=
-4.1_4.1.12-1ubuntu3.7.dsc
      Size/MD5:     1024 33020e3d005bd77d484f34abecf1c177
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg=
-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-comm=
on-4.1_4.1.12-1ubuntu3.7_all.deb
      Size/MD5:    36830 d60762f789e3bd2b4fd3a456d3f73930

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14-dev_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:  5831474 bced6d17845dc9588a089d49f02d55b0
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:  1540694 af1be52eddc78528ecd022434171906e
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
client-4.1_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5:   898462 d45442957f383440bd191f930b443547
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
server-4.1_4.1.12-1ubuntu3.7_amd64.deb
      Size/MD5: 18433692 e071ef9ab926bfb5140a40c26c3ed78f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14-dev_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:  5348328 8fd1aadc67f3377de8d9d938fed7c165
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:  1475476 c5258fbb58cb8cb9723a7ffa4284d0f1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
client-4.1_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5:   866460 42d1d8b4841a60bd8579e393b18dbe3f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
server-4.1_4.1.12-1ubuntu3.7_i386.deb
      Size/MD5: 17336370 e535ca52af75dd467f68e26b6a9d5e27

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14-dev_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:  6069400 36169591c90ee3417371a958cadc7b71
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl=
ient14_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:  1549166 901ef463598f28da3cfac186a66558da
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
client-4.1_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5:   937712 1e8b6a06c6b3dfba1e99a7781da0a66c
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-=
server-4.1_4.1.12-1ubuntu3.7_powerpc.deb
      Size/MD5: 18523422 69e4c4a92cd298cfc3e60a7b907b3529

--O98KdSgI27dgYlM5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwM7yDecnbV4Fd/IRAvQJAKC3MS9ViJyjHLtXBP+OFkM3VSq4JgCgx3zM
m6NJFvwypaYcOu7dp6azddE=
=IWmA
-----END PGP SIGNATURE-----

--O98KdSgI27dgYlM5--


--===============0925267080==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0925267080==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung