From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1783                       [email protected]
http://www.debian.org/security/                           Devin Carraway
April 29, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : multiple
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3963 CVE-2008-4456
Debian Bug : 498362
Multiple vulnerabilities have been identified affecting MySQL, a
relational database server, and its associated interactive client
application. The Common Vulnerabilities and Exposures project
identifies the following two problems:
CVE-2008-3963

    Kay Roepke reported that the MySQL server would not properly handle
    an empty bit-string literal in an SQL statement, allowing an
    authenticated remote attacker to cause a denial of service (a crash)
    in mysqld. This issue affects the oldstable distribution (etch), but
    not the stable distribution (lenny).

CVE-2008-4456

    Thomas Henlich reported that the MySQL commandline client application
    did not encode HTML special characters when run in HTML output mode
    (that is, "mysql --html ..."). This could potentially lead to
    cross-site scripting or unintended script privilege escalation if
    the resulting output is viewed in a browser or incorporated into
    a web site.
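
The output-encoding problem described for CVE-2008-4456, as an added example that is not part of the advisory and not MySQL's code: a result set rendered into an HTML table with and without encoding, plus a parser-based audit of the rendered output. The names render and audit, the sample rows and the exact table markup are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample result set; row 2 holds markup stored as ordinary data.
COLUMNS = ["id", "comment"]
ROWS = [(1, "a < b & c"), (2, "<script>x()</script>"), (3, None)]
TABLE_TAGS = {"table", "tr", "th", "td"}


def render(columns, rows, encode=True):
    """Render a result set as an HTML table; encode=False copies values verbatim."""
    def cell(value):
        text = "NULL" if value is None else str(value)
        return html.escape(text, quote=True) if encode else text

    def row(tag, values):
        return "<TR>" + "".join(f"<{tag}>{cell(v)}</{tag}>" for v in values) + "</TR>"
    body = "".join(row("TD", r) for r in rows)
    return "<TABLE BORDER=1>" + row("TH", columns) + body + "</TABLE>"


class _Audit(HTMLParser):
    """Records elements outside the table skeleton and the text of each TD."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected, self.cells, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "td":
            self._buf = []
        elif tag not in TABLE_TAGS:
            self.unexpected.append(tag)  # stored data was interpreted as markup

    def handle_endtag(self, tag):
        if tag == "td" and self._buf is not None:
            self.cells.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def audit(markup):
    """Return (unexpected element names, decoded TD texts) for rendered output."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.unexpected, parser.cells
```

With encoding on, the audit finds no elements beyond the table skeleton and every cell decodes back to the stored value, so the data is preserved while nothing in it is parsed as markup.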
For the old stable distribution (etch), these problems have been fixed in version 5.0.32-7etch10.
For the stable distribution (lenny), these problems have been fixed in
version 5.0.51a-24+lenny1.
We recommend that you upgrade your mysql-dfsg-5.0 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]