[PLDSA 7-1] Multiple MySQL vulnerabilities
Krzysiek Taraszka
dzimi at pld.org.pl
Sun Jan 5 13:02:56 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 7-1                         security at pld.org.pl
http://www.pld.org.pl/security/                           PLD Security Team
04 January 2003                            http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : mysql prior to 3.23.53-1
Vulnerability : remote DoS and arbitrary code execution
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2002-1373, CAN-2002-1374, CAN-2002-1375, CAN-2002-1376
[ The previous mail was broken by Announcer. This mail fixes the previous
Announcer bugs. ]
Two vulnerabilities were discovered by Stefan Esser in all versions of MySQL
prior to 3.23.53a and 4.0.5a. The first can be used by any valid MySQL
user to crash the MySQL server; the other allows anyone to bypass the
MySQL password check or to execute arbitrary code with the privileges of
the user running mysqld. Another two vulnerabilities were found: an
arbitrary-size heap overflow in the mysql client library, and a flaw that
allows one to write a '\0' byte to any memory address. Both of these
client-side flaws can lead to a DoS or to arbitrary code execution in
anything linked against libmysqlclient.
The above problems and other security problems have been fixed in version
3.23.54a-1 for the current stable distribution (ra).
We recommend that you upgrade your mysql packages.

  wget -c url
      will fetch the file for you
  rpm -Uhv file(s)*.rpm
      will upgrade the referenced file(s)

If you are using "poldek" - the package manager, use the lines given below
to upgrade the packages:

  poldek --update
      will update the internal database
  poldek --upgrade 'mysql*'
      will install the corrected packages

If you are using "apt" - the package manager, use the lines given below
to upgrade the packages:

  apt-get update
      will update the internal database
  apt-get upgrade 'mysql*'
      will install the corrected packages
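The instructions above publish an MD5 checksum for every package but never say to compare it before the rpm is installed. The script below is added here as an example and is not part of the PLD advisory: it wraps the wget / rpm -Uhv steps so that a package is handed to rpm only if its MD5 matches the published value, and refuses otherwise. The function names are this example's own; the URL and checksum in the commented usage line are the i386 mysql package entry from the list in this advisory.

```shell
#!/bin/sh
# Added example, not part of the PLD advisory: fetch a package named in the
# advisory, compare it with the MD5 published there, and only then install it.
set -eu

# verify_md5 FILE EXPECTED_MD5
# Returns 0 when the MD5 of FILE equals EXPECTED_MD5 (lower-case hex), else 1.
verify_md5() {
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# install_verified URL EXPECTED_MD5
# Downloads URL into the current directory (resuming a partial download, as the
# advisory's "wget -c" does), verifies it, and runs rpm -Uhv on success.
# On a checksum mismatch the file is left on disk for inspection and rpm is
# never invoked.
install_verified() {
    url=$1
    sum=$2
    file=${url##*/}            # basename of the URL, e.g. mysql-3.23.54a-1.i386.rpm
    wget -c "$url"
    if verify_md5 "$file" "$sum"; then
        rpm -Uhv "$file"
    else
        echo "MD5 mismatch for $file (expected $sum), not installing" >&2
        return 1
    fi
}

# Usage, with the i386 mysql package and checksum from this advisory
# (needs network and root, so it is left commented out here):
# install_verified \
#   ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-3.23.54a-1.i386.rpm \
#   f0ac3eb68947c2087d7ae36862e45ca3
```

A matching checksum guards against a corrupted or substituted download; it is only as trustworthy as the copy of the advisory you took it from, and MD5 is not collision resistant, so treat a match as a necessary check rather than as proof of origin.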
PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/mysql-3.23.54a-1.src.rpm
MD5 checksum: 536fc89687d9080450c8bbb372cd44c8
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-3.23.54a-1.i386.rpm
MD5 checksum: f0ac3eb68947c2087d7ae36862e45ca3
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-bench-3.23.54a-1.i386.rpm
MD5 checksum: 8e63731ec657a4b1f9de67e10db16704
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-client-3.23.54a-1.i386.rpm
MD5 checksum: 46d06540dcfe6c2dcf19c46e5fa690b6
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-devel-3.23.54a-1.i386.rpm
MD5 checksum: 7d9eb35ea4be5d398db7fcfe44780800
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-extras-3.23.54a-1.i386.rpm
MD5 checksum: c148410afffdd6fd688416177e5e4bb9
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-extras-perl-3.23.54a-1.i386.rpm
MD5 checksum: c0ddab0f3bd98364bcf975a9fb837886
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-libs-3.23.54a-1.i386.rpm
MD5 checksum: caf84b0460814e44be9a93cd09e3b186
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-static-3.23.54a-1.i386.rpm
MD5 checksum: 4bdb4d985642b5338dd5ef9d079beae3
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-3.23.54a-1.i586.rpm
MD5 checksum: 1b66c77e866d986a1151feca494c1c46
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-bench-3.23.54a-1.i586.rpm
MD5 checksum: 167d509a348e4190db8b367122b257b2
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-client-3.23.54a-1.i586.rpm
MD5 checksum: bc0f4585c71fdfa114420c2afcc8fceb
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-devel-3.23.54a-1.i586.rpm
MD5 checksum: fc7106bcfe9682a26c601a20a6219eca
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-extras-3.23.54a-1.i586.rpm
MD5 checksum: 29dd002e8aecac23fc86b185e42b6b2f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-extras-perl-3.23.54a-1.i586.rpm
MD5 checksum: acabbd169d9882ec2b160b85f10753f5
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-libs-3.23.54a-1.i586.rpm
MD5 checksum: c501aa55ef858e80398ccdd4d5bef6f2
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-static-3.23.54a-1.i586.rpm
MD5 checksum: 92ce44b71829a8c01754b5d77828de97
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-3.23.54a-1.i686.rpm
MD5 checksum: 36445933287f4fe380cb3ba6e28048b7
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-bench-3.23.54a-1.i686.rpm
MD5 checksum: 5715387ba2de8e5676b1fa43b0200684
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-client-3.23.54a-1.i686.rpm
MD5 checksum: b5ca9700eae3701c86ff8a38971a1925
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-devel-3.23.54a-1.i686.rpm
MD5 checksum: 6cfe23c77711247a0d3bf3f92a3a39b6
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-extras-3.23.54a-1.i686.rpm
MD5 checksum: 9eeb787c483ad7239e7df9297600b63e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-extras-perl-3.23.54a-1.i686.rpm
MD5 checksum: 07b20cb5fab1658e2651e7e48eda173e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-libs-3.23.54a-1.i686.rpm
MD5 checksum: f3b6149b7002094af28fcf9f5e1e92da
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-static-3.23.54a-1.i686.rpm
MD5 checksum: e56d93f9f90da7c9913b939f166d898d
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-3.23.54a-1.ppc.rpm
MD5 checksum: f035de90d75f7d94c3b703d2396d105c
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-bench-3.23.54a-1.ppc.rpm
MD5 checksum: da1a228a797def9578431dc595fe7fde
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-client-3.23.54a-1.ppc.rpm
MD5 checksum: 23869dad78948902f6e8e4cb800acc46
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-devel-3.23.54a-1.ppc.rpm
MD5 checksum: fae98cf58222702c3880f2449c63c3f0
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-extras-3.23.54a-1.ppc.rpm
MD5 checksum: a0cb864b2cf98ea6a9192b0eb2383be6
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-extras-perl-3.23.54a-1.ppc.rpm
MD5 checksum: 19ac1fbfb7041b6c6eb01e759392bf94
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-libs-3.23.54a-1.ppc.rpm
MD5 checksum: 2cb147b8637af709c970a1d2402aaea1
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-static-3.23.54a-1.ppc.rpm
MD5 checksum: 87a2801b3038a929e359d29cbb141c24
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security