------------------------------------------------------------------------
Debian Security Advisory DSA-1413-1                  security@debian.org
http://www.debian.org/security/                           Noah Meyerhans
November 26, 2007                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2583, CVE-2007-2691, CVE-2007-2692
                 CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
Debian Bug     : 426353, 424778, 424778, 451235

Several vulnerabilities have been found in the MySQL database packages
with implications ranging from unauthorized database modifications to
remotely triggered server crashes.

CVE-2007-2583

    The in_decimal::set function in item_cmpfunc.cc in MySQL
    before 5.0.40 allows context-dependent attackers to cause a
    denial of service (crash) via a crafted IF clause that results
    in a divide-by-zero error and a NULL pointer dereference.
    (Affects source version 5.0.32)

CVE-2007-2691

    MySQL does not require the DROP privilege for RENAME TABLE
    statements, which allows remote authenticated users to rename
    arbitrary tables. (All supported versions affected.)

CVE-2007-2692

    The mysql_change_db function does not restore THD::db_access
    privileges when returning from SQL SECURITY INVOKER stored
    routines, which allows remote authenticated users to gain
    privileges. (Affects source version 5.0.32)

CVE-2007-3780

    MySQL could be made to overflow a signed char during
    authentication. Remote attackers could use specially crafted
    authentication requests to cause a denial of service.
    (Upstream source versions 4.1.11a and 5.0.32 affected.)

CVE-2007-3782

    Phil Anderton discovered that MySQL did not properly verify
    access privileges when accessing external tables. As a result,
    authenticated users could exploit this to obtain UPDATE
    privileges to external tables. (Affects source version
    5.0.32)

CVE-2007-5925

    The convert_search_mode_to_innobase function in ha_innodb.cc
    in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
    remote authenticated users to cause a denial of service
    (database crash) via a certain CONTAINS operation on an
    indexed column, which triggers an assertion error. (Affects
    source version 5.0.32)

For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch3 of the mysql-dfsg-5.0 packages.

For the old stable distribution (sarge), these problems have been
fixed in version 4.0.24-10sarge3 of mysql-dfsg and version
4.1.11a-4sarge8 of mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 3.1 alias sarge
--------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/