From martin.pitt@canonical.com Mon Dec 5 08:05:59 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Mon, 5 Dec 2005 14:02:31 +0100 Subject: [Full-disclosure] [USN-180-2] MySQL 4.1 vulnerability =========================================================== Ubuntu Security Notice USN-180-2 December 05, 2005 mysql-dfsg-4.1 vulnerability CVE-2005-2558 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: mysql-server-4.1 The problem can be corrected by upgrading the affected package to version 4.1.12-1ubuntu3.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-180-1 fixed a vulnerability in the mysql-server package (which ships version 4.0). Version 4.1 is vulnerable against the same flaw. Please note that this package is not officially supported in Ubuntu 5.10. Origial advisory: "AppSecInc Team SHATTER discovered a buffer overflow in the "CREATE FUNCTION" statement. By specifying a specially crafted long function name, a local or remote attacker with function creation privileges could crash the server or execute arbitrary code with server privileges. However, the right to create function is usually not granted to untrusted users." Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.1.diff.gz Size/MD5: 160353 1f6bdfc757592d25e6e5e0c40405c68a http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.1.dsc Size/MD5: 1024 6df2740a688ebd8330bab80bcafa6f9a http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.1_all.deb Size/MD5: 36022 86a50a42f1685ad909ae5674d641b6d6 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_amd64.deb Size/MD5: 5830550 34427f9076358567e0b0104b83e236f9 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_amd64.deb Size/MD5: 1539274 09ce1eebeae5d58115c8a8b10b40511b http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_amd64.deb Size/MD5: 897406 29713a5ce0c8b18cb7b8d49809f4aefb http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_amd64.deb Size/MD5: 18429032 677948b959d99cdca3770e32c19601f6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_i386.deb Size/MD5: 5347118 2944f5066bed041df004c51cd7e511e1 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_i386.deb Size/MD5: 1474316 d23d2f2af47577fbda0f754547a44fae http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_i386.deb Size/MD5: 865524 afdde59778fc2bc0971a959bc91960cb http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_i386.deb Size/MD5: 17335734 ea56a770e30cff750d7894e787deaefe powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.1_powerpc.deb Size/MD5: 6067392 661904ba18915482689a65594fbb8f66 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.1_powerpc.deb Size/MD5: 1547466 69a5573b7a30c2993e2e5685fd00a3a9 http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.1_powerpc.deb Size/MD5: 936726 a060001f07b8c239f9b1d2b4b064c83d http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.1_powerpc.deb Size/MD5: 18521170 f858e627120278b8245079d77e61348e [ Part 1.2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ] [ Part 2: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/