Pufferüberlauf in mysql-dfsg-4.1
ID: | USN-321-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 5.10 |
Datum: | Fr, 21. Juli 2006, 16:08 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469 |
Applikationen: | MySQL |
Originalnachricht |
|
--===============0925267080== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="O98KdSgI27dgYlM5" Content-Disposition: inline --O98KdSgI27dgYlM5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=20 Ubuntu Security Notice USN-321-1 July 21, 2006 mysql-dfsg-4.1 vulnerability CVE-2006-3469 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: mysql-server-4.1 4.1.12-1ubuntu3.7 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg= -4.1_4.1.12-1ubuntu3.7.diff.gz Size/MD5: 165177 e3f4a9d6d9803befbba2532addd92b71 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg= -4.1_4.1.12-1ubuntu3.7.dsc Size/MD5: 1024 33020e3d005bd77d484f34abecf1c177 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg= -4.1_4.1.12.orig.tar.gz Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-comm= on-4.1_4.1.12-1ubuntu3.7_all.deb Size/MD5: 36830 d60762f789e3bd2b4fd3a456d3f73930 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14-dev_4.1.12-1ubuntu3.7_amd64.deb Size/MD5: 5831474 bced6d17845dc9588a089d49f02d55b0 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14_4.1.12-1ubuntu3.7_amd64.deb Size/MD5: 1540694 af1be52eddc78528ecd022434171906e http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= client-4.1_4.1.12-1ubuntu3.7_amd64.deb Size/MD5: 898462 d45442957f383440bd191f930b443547 http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= server-4.1_4.1.12-1ubuntu3.7_amd64.deb Size/MD5: 18433692 e071ef9ab926bfb5140a40c26c3ed78f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14-dev_4.1.12-1ubuntu3.7_i386.deb Size/MD5: 5348328 8fd1aadc67f3377de8d9d938fed7c165 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14_4.1.12-1ubuntu3.7_i386.deb Size/MD5: 1475476 c5258fbb58cb8cb9723a7ffa4284d0f1 http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= client-4.1_4.1.12-1ubuntu3.7_i386.deb Size/MD5: 866460 42d1d8b4841a60bd8579e393b18dbe3f http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= server-4.1_4.1.12-1ubuntu3.7_i386.deb Size/MD5: 17336370 e535ca52af75dd467f68e26b6a9d5e27 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14-dev_4.1.12-1ubuntu3.7_powerpc.deb Size/MD5: 6069400 36169591c90ee3417371a958cadc7b71 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlcl= ient14_4.1.12-1ubuntu3.7_powerpc.deb Size/MD5: 1549166 901ef463598f28da3cfac186a66558da http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= client-4.1_4.1.12-1ubuntu3.7_powerpc.deb Size/MD5: 937712 1e8b6a06c6b3dfba1e99a7781da0a66c http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-= server-4.1_4.1.12-1ubuntu3.7_powerpc.deb Size/MD5: 18523422 69e4c4a92cd298cfc3e60a7b907b3529 --O98KdSgI27dgYlM5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEwM7yDecnbV4Fd/IRAvQJAKC3MS9ViJyjHLtXBP+OFkM3VSq4JgCgx3zM m6NJFvwypaYcOu7dp6azddE= =IWmA -----END PGP SIGNATURE----- --O98KdSgI27dgYlM5-- --===============0925267080== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============0925267080==-- |