
Security: Multiple issues in MySQL
Name: Multiple issues in MySQL
ID: USN-559-1
Distribution: Ubuntu
Platforms: Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10
Date: Fri, 21 December 2007, 08:40
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6304
Applications: MySQL

Original message

===========================================================
Ubuntu Security Notice USN-559-1 December 21, 2007
mysql-dfsg-5.0 vulnerabilities
CVE-2007-3781, CVE-2007-5925, CVE-2007-5969, CVE-2007-6304
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.6

Ubuntu 6.10:
mysql-server-5.0 5.0.24a-9ubuntu2.2

Ubuntu 7.04:
mysql-server-5.0 5.0.38-0ubuntu1.2

Ubuntu 7.10:
mysql-server-5.0 5.0.45-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Joe Gallo and Artem Russakovskii discovered that the InnoDB
engine in MySQL did not properly perform input validation. An
authenticated user could use a crafted CONTAINS statement to
cause a denial of service. (CVE-2007-5925)

It was discovered that under certain conditions MySQL could be
made to overwrite system table information. An authenticated
user could use a crafted RENAME statement to escalate privileges.
(CVE-2007-5969)

Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. (CVE-2007-6304)

It was discovered that MySQL did not properly enforce access
controls. An authenticated user could use a crafted CREATE TABLE
LIKE statement to escalate privileges. (CVE-2007-3781)



