From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1997-1                  [email protected]
http://www.debian.org/security/                      Giuseppe Iuculano
February 14, 2010                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4019 CVE-2009-4030 CVE-2009-4484
Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-4019

Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

CVE-2009-4030

Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory.

CVE-2009-4484

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.

For the oldstable distribution (etch), these problems have been fixed in version 5.0.32-7etch12.
For the stable distribution (lenny), these problems have been fixed in version 5.0.51a-24+lenny3.
The testing (squeeze) and unstable (sid) distributions do not contain mysql-dfsg-5 anymore.
We recommend that you upgrade your mysql-dfsg-5.0 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]