From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1662-1                  [email protected]
http://www.debian.org/security/                           Devin Carraway
November 06, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : authorization bypass
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-4098
Debian Bug : 480292
A symlink traversal vulnerability was discovered in MySQL, a
relational database server. The weakness could permit an attacker
having both CREATE TABLE access to a database and the ability to
execute shell commands on the database server to bypass MySQL access
controls, enabling them to write to tables in databases to which they
would not ordinarily have access.
The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-4098. Note that a closely aligned issue,
identified as CVE-2008-4097, was prevented by the update announced in
DSA-1608-1. This new update supersedes that fix and mitigates both
potential attack vectors.
For the stable distribution (etch), this problem has been fixed in
version 5.0.32-7etch8.
We recommend that you upgrade your mysql packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
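
A way to check a collected package inventory against the fixed version named above, as an added example that is not part of the original advisory. It reimplements Debian's version ordering in Python so that it runs on any analysis host (on the Debian system itself, dpkg --compare-versions performs the same comparison); the function names and the inventory lines are constructed for illustration, and the check applies to etch hosts only, since 5.0.32-7etch8 is the etch fix.

```python
import re

FIXED = "5.0.32-7etch8"  # fixed version for etch, from DSA-1662-1
# Name prefixes of binary packages built from source package mysql-dfsg-5.0
PREFIXES = ("mysql-server", "mysql-client", "mysql-common", "libmysqlclient15")

def _order(c):
    """Weight of a non-digit char: '~' lowest, then '' (end), letters, the rest."""
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings with dpkg's ordering."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for i in range(max(len(na), len(nb))):      # non-digit runs, char by char
            x, y = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        x, y = int(da or 0), int(db or 0)           # digit runs, numerically
        if x != y:
            return -1 if x < y else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def split_version(v):                               # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(v1, v2):                                # -1 older, 0 equal, 1 newer
    (e1, u1, r1), (e2, u2, r2) = split_version(v1), split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    """Return (package, version) pairs older than FIXED from 'name version' lines."""
    return [tuple(r) for r in map(str.split, inventory.splitlines())
            if len(r) == 2 and r[0].startswith(PREFIXES) and compare(r[1], FIXED) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """mysql-server-5.0 5.0.32-7etch6
mysql-client-5.0 5.0.32-7etch8
libmysqlclient15off 5.0.32-7etch10
openssl 0.9.8c-4etch3"""
print(unpatched(SAMPLE))
```

A plain string comparison would rank 5.0.32-7etch10 below 5.0.32-7etch8 and report a patched host as vulnerable, which is why digit runs are compared numerically.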
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]