From martin.pitt@canonical.com Sat Nov 27 21:59:39 2004 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com Date: Thu, 25 Nov 2004 13:15:20 +0100 Subject: [USN-32-1] mysql vulnerabilities =========================================================== Ubuntu Security Notice USN-32-1 November 25, 2004 mysql-dfsg vulnerabilities CAN-2004-0836, CAN-2004-0837, CAN-2004-0956, CAN-2004-0957 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: mysql-server The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Several vulnerabilities have been discovered in the MySQL database server. Lukasz Wojtow discovered a potential buffer overflow in the function mysql_real_connect(). A malicious name server could send specially crafted DNS packages which might result in execution of arbitrary code with the database server's privileges. However, it is believed that this bug cannot be exploited with the C Standard library (glibc) that Ubuntu uses. (CAN-2004-0836). Dean Ellis noticed a flaw that allows an authorized MySQL user to cause a denial of service (crash or hang) via concurrent execution of certain statements (ALTER TABLE ... UNION=, FLUSH TABLES) on tables of type MERGE (CAN-2004-0837) Some query strings containing a double quote (like MATCH ... AGAINST (' some " query' IN BOOLEAN MODE) ) that did not have a matching closing double quote caused a denial of service (server crash). Again, this is only exploitable by authorized mysql users. (CAN-2004-0956) If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957) Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.diff.gz Size/MD5: 165384 7f507b594e9d5d9cd0a7adb2eca5d0c4 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-2ubuntu1.1.dsc Size/MD5: 892 3afca4b6ec963ad9c239deb7df0c556d http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20.orig.tar.gz Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.20-2ubuntu1.1_all.deb Size/MD5: 24012 44750442562ef128334a4ad1bcfef15c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_amd64.deb Size/MD5: 2809794 a257ea0675c52c60b5d1ef3d5dfadebc http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_amd64.deb Size/MD5: 304040 759952b1db7359f3f3b54d3d3bbc11ff http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_amd64.deb Size/MD5: 422102 d95d773d2479c3878a56248cdf2428de http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_amd64.deb Size/MD5: 3576654 4641b0ff8d06e82e21648352f01282d2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_i386.deb Size/MD5: 2773050 4717ed4d1405d70c6ede0056ee40e490 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_i386.deb Size/MD5: 287018 5b18d12015bb46bf0c89e5bcc323b0a5 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_i386.deb Size/MD5: 396026 097eff3da7fc711a52473f62535c5d04 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_i386.deb Size/MD5: 3485608 0886647a564f4136efc4f72f694d22c3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient-dev_4.0.20-2ubuntu1.1_powerpc.deb Size/MD5: 3109072 b510d1c4a3a33da55cb3b97a612b2e19 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.20-2ubuntu1.1_powerpc.deb Size/MD5: 307718 55738df34a3f30e34d702d8b804bb57a http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.20-2ubuntu1.1_powerpc.deb Size/MD5: 451512 7dcb7e811ff6a0a8a0528bbb49229ac1 http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.20-2ubuntu1.1_powerpc.deb Size/MD5: 3769072 f7274343ac2163a0ff377c9cad1ec07e [ Part 2, "Digital signature" Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ]