From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1608-1                     [email protected]
http://www.debian.org/security/                           Devin Carraway
July 13, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : authorization bypass
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2079
Debian Bug : 480292

Sergei Golubchik discovered that MySQL, a widely-deployed database
server, did not properly validate optional data or index directory
paths given in a CREATE TABLE statement, nor would it (under proper
conditions) prevent two databases from using the same paths for data
or index files. This permits an authenticated user with authorization
to create tables in one database to read, write or delete data from
tables subsequently created in other databases, regardless of other
GRANT authorizations. The Common Vulnerabilities and Exposures
project identifies this weakness as CVE-2008-2079.

For the stable distribution (etch), this problem has been fixed in
version 5.0.32-7etch6. Note that the fix applied will have the
consequence of disallowing the selection of data or index paths
under the database root, which on a Debian system is /var/lib/mysql;
database administrators needing to control the placement of these
files under that location must do so through other means.

We recommend that you upgrade your mysql-dfsg-5.0 packages.
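
An audit for the condition described above, added here as an example and not part of the Debian advisory or of MySQL's code. It assumes MyISAM tables created with DATA DIRECTORY or INDEX DIRECTORY appear as symlinked .MYD/.MYI files inside each database directory, and reports links that resolve under the database root or to a file also reached from another database. The function names and the sample layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

MYISAM_EXTS = (".MYD", ".MYI")  # MyISAM data and index files


def audit_datadir(datadir):
    """Return (inside_root, shared) for symlinked MyISAM files under datadir."""
    root = os.path.realpath(datadir)
    inside_root, by_target = [], defaultdict(list)
    for db in sorted(os.listdir(root)):
        db_path = os.path.join(root, db)
        if not os.path.isdir(db_path):
            continue
        for name in sorted(os.listdir(db_path)):
            link = os.path.join(db_path, name)
            if not (name.endswith(MYISAM_EXTS) and os.path.islink(link)):
                continue
            target = os.path.realpath(link)
            by_target[target].append(link)
            # The fixed package refuses paths under the database root.
            if os.path.commonpath([root, target]) == root:
                inside_root.append((link, target))
    # One file reached from more than one database directory.
    shared = {t: links for t, links in by_target.items()
              if len({os.path.dirname(l) for l in links}) > 1}
    return inside_root, shared


def build_sample(base):
    """Constructed layout: databases 'app' and 'guest' plus an external dir."""
    root, ext = os.path.join(base, "mysql"), os.path.join(base, "ext")
    for d in (os.path.join(root, "app"), os.path.join(root, "guest"), ext):
        os.makedirs(d)
    for f in (os.path.join(root, "app", "t1.MYD"), os.path.join(ext, "x.MYD"),
              os.path.join(ext, "z.MYI")):
        open(f, "wb").close()
    os.symlink(os.path.join(root, "app", "t1.MYD"), os.path.join(root, "guest", "t1.MYD"))
    os.symlink(os.path.join(ext, "x.MYD"), os.path.join(root, "app", "x.MYD"))
    os.symlink(os.path.join(ext, "x.MYD"), os.path.join(root, "guest", "y.MYD"))
    os.symlink(os.path.join(ext, "z.MYI"), os.path.join(root, "app", "z.MYI"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inside, shared = audit_datadir(build_sample(tmp))
        print("targets under database root:", inside)
        print("targets shared across databases:", shared)
```

On a Debian system the database root to pass is /var/lib/mysql, and the script needs read access to it.
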

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]