[Technik] [SECURITY] [DSA 1413-1] New mysql packages fix multiple vulnerabilities

Noèl Köthe noel at debian.org
Mon Nov 26 22:09:42 CET 2007 

Am Montag, den 26.11.2007, 18:20 +0100 schrieb Noah Meyerhans:

> Debian Security Advisory DSA-1413-1                  security at debian.org
> http://www.debian.org/security/                           Noah Meyerhans
> November 26, 2007                     http://www.debian.org/security/faq
> 
> Package        : mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1
> Vulnerability  : multiple
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2007-2583, CVE-2007-2691, CVE-2007-2692 
>                  CVE-2007-3780, CVE-2007-3782, CVE-2007-5925
> Debian Bug     : 426353, 424778, 424778, 451235

mysql auf h01, h02, h03, h04, h51, wasco und cupa aktualisiert.
Aufgrund des benötigten mysql Neustarts kam es um ca. 19:15 Uhr zu einem
kurzzeitigen mysql Ausfall.

> For the stable distribution (etch), these problems have been fixed in
> version 5.0.32-7etch3 of the mysql-dfsg-5.0 packages

mysql-dfsg-5.0 (5.0.32-7etch3) stable-security; urgency=high

  * SECURITY:
    Fix for CVE-2007-5925: The convert_search_mode_to_innobase function in
    ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
    remote authenticated users to cause a denial of service (database crash)
    via a certain CONTAINS operation on an indexed column, which triggers an
    assertion error. (closes: #451235)

 -- Norbert Tretkowski <nobse at debian.org>  Thu, 15 Nov 2007 18:51:30 +0100

mysql-dfsg-5.0 (5.0.32-7etch2) stable-security; urgency=high

  * Security release prepared for the security team by the Debian MySQL
    maintainers. The patches were mostly taken from the Ubuntu project.
  * CVE-2007-2583: The in_decimal::set function in item_cmpfunc.cc in MySQL 
    allowed context-dependent attackers to cause a denial of service (crash)
    via a crafted IF clause that results in a divide-by-zero error and a NULL
    pointer dereference. Closes: #426353
  * CVE-2007-2691: MySQL did not require the DROP privilege for RENAME 
    TABLE statements, which allows remote authenticated users to rename 
    arbitrary tables. Closes: #424778
  * CVE-2007-2692: The mysql_change_db function in MySQL did not restore
    THD::db_access privileges when returning from SQL SECURITY INVOKER 
    stored routines, which allowed remote authenticated users to gain 
    privileges. Closes: #424778
  * CVE-2007-3780: It was discovered that MySQL could be made to overflow 
    a signed char during authentication. Remote attackers could use crafted
    authentication requests to cause a denial of service.
  * CVE-2007-3782: Phil Anderton discovered that MySQL did not properly 
    verify access privileges when accessing external tables. As a result,
    authenticated users could exploit this to obtain UPDATE privileges to
    external tables.

 -- Christian Hammers <ch at debian.org>  Tue,  6 Dec 2007 21:54:01 +0100

> For the old stable distribution (sarge), these problems have been
> fixed in version 4.0.24-10sarge3 of mysql-dfsg and version
> 4.1.11a-4sarge8 of mysql-dfsg-4.1

changelog (cupa):
mysql-dfsg (4.0.24-10sarge3) oldstable-security; urgency=high

  * Security upload prepared for the security team by the debian mysql
    package maintainers.
  * CVE-2007-2691: Fixes the problem that MySQL did not require the DROP
    privilege for RENAME TABLE statements which allows remote authenticated
    users to rename arbitrary tables. Closes: #424778

 -- Christian Hammers <ch at debian.org>  Tue, 06 Nov 2007 22:52:57 +0100

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20071126/47fe73fb/attachment.pgp

More information about the Technik mailing list