Security: Buffer overflow in MySQL

Name: Buffer overflow in MySQL
ID: USN-180-1
Distribution: Ubuntu
Platforms: Ubuntu 4.10, Ubuntu 5.04
Date: Mon, 12 September 2005, 12:27
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558
Applications: MySQL

Original message
===========================================================
Ubuntu Security Notice USN-180-1         September 12, 2005
mysql-dfsg vulnerability
CAN-2005-2558
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.6 (for Ubuntu 4.10), or 4.0.23-3ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE FUNCTION" statement. By specifying a specially crafted long function name, a local or remote attacker with function creation privileges could crash the server or execute arbitrary code with server privileges.
However, the right to create functions is usually not granted to untrusted users.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):