From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1877-1                     [email protected]
http://www.debian.org/security/                       Sebastien Delafond
September 02, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : denial of service/execution of arbitrary code
Problem type : remote (for authenticated users only)
Debian-specific: no
CVE Id(s) : CVE-2009-2446
Debian Bug : 536726
In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities
in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld
allow remote authenticated users to cause a denial of service (daemon
crash) and potentially the execution of arbitrary code via format
string specifiers in a database name in a COM_CREATE_DB or
COM_DROP_DB request.
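
Added example (not part of the advisory and not MySQL source code): the bug class described above, shown as a printf-style log call that uses a client-supplied database name as its format string, next to the constant-format form that is the standard remedy. The names log_write, log_db_unsafe, log_db_safe and arg_consuming_specifiers are hypothetical, and the sample name is constructed and uses only "%%", which reads no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log writer (assumption, not MySQL's logger). */
static int log_write(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the client-supplied name is the format string, so any
 * conversion specifier in it is interpreted by vsnprintf(). */
static int log_db_unsafe(char *out, size_t n, const char *db_name) {
    return log_write(out, n, db_name);
}

/* AFTER: constant format; the name is only ever an argument. */
static int log_db_safe(char *out, size_t n, const char *db_name) {
    return log_write(out, n, "%s", db_name);
}

/* Triage helper: number of specifiers in a name that would make a
 * printf-family call read an argument ("%%" reads none). */
static int arg_consuming_specifiers(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* literal percent sign, skip the pair */
        else if (s[1] != '\0')
            count++;        /* start of a real conversion */
    }
    return count;
}

int main(void) {
    char a[64], b[64];
    const char *name = "sales_100%%";   /* constructed, benign input */
    log_db_unsafe(a, sizeof a, name);   /* "%%" collapses to "%" */
    log_db_safe(b, sizeof b, name);     /* logged byte for byte */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(b, name) != 0;
}
```

GCC and Clang report the unsafe call under -Wformat-security once the logger is declared with the printf format attribute.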
For the stable distribution (lenny), this problem has been fixed in
version 5.0.51a-24+lenny2.
For the old stable distribution (etch), this problem has been fixed in
version 5.0.32-7etch11.
We recommend that you upgrade your mysql packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, mips, mipsel, powerpc, and sparc.
Packages for s390 and ia64 will be provided later.
[continued in next message]