Full Disclosure mailing list archives

[USN-588-2] MySQL regression
From: Jamie Strandboge <jamie () canonical com>
Date: Wed, 2 Apr 2008 17:29:38 -0400

=========================================================== 
Ubuntu Security Notice USN-588-2             April 02, 2008
mysql-dfsg-5.0 regression
https://launchpad.net/bugs/209699
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mysql-server-5.0                5.0.22-0ubuntu6.06.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for
Ubuntu 6.06, additional improvements were made to make privilege checks
more restrictive. As a result, an upstream bug was exposed which could
cause operations on tables or views in a different database to fail. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Masaaki Hirose discovered that MySQL could be made to dereference
 a NULL pointer. An authenticated user could cause a denial of service
 (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
 table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)
 
 Alexander Nozdrin discovered that MySQL did not restore database access
 privileges when returning from SQL SECURITY INVOKER stored routines. An
 authenticated user could exploit this to gain privileges. This issue
 does not affect Ubuntu 7.10. (CVE-2007-2692)
 
 Martin Friebe discovered that MySQL did not properly update the DEFINER
 value of an altered view. An authenticated user could use CREATE SQL
 SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
 (CVE-2007-6303)
 
 Luigi Auriemma discovered that yaSSL as included in MySQL did not
 properly validate its input. A remote attacker could send crafted
 requests and cause a denial of service or possibly execute arbitrary
 code. This issue did not affect Ubuntu 6.06 in the default installation.
 (CVE-2008-0226, CVE-2008-0227)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz
      Size/MD5:   155085 f8c7ef90adb69cf67cc6366612b63d48
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc
      Size/MD5:     1114 d305551acc1c106afc8fcea708bf7748
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
      Size/MD5: 18446645 2b8f36364373461190126817ec872031

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb
      Size/MD5:    38560 ba617aed9cc0de2b3ab0bb27e4b73208
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb
      Size/MD5:    41108 c5723e8875ec8ec61bc3e35d279b0785
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb
      Size/MD5:    38564 4c87c774aa76333f9b6ce71be03abd9e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb
      Size/MD5:  6727828 250a0dc849c954205639795ead8c913c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb
      Size/MD5:  1423476 81fa43f4bcdaa9721311dd9cd7977713
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
      Size/MD5:  6897250 ee100a247642429c58c20cf501da925d
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
      Size/MD5: 22493122 6c8dc59d6b0f8885bdc08e72f7aef6b6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb
      Size/MD5:  6141858 992e52adad73209d80bab70f7fb22d46
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb
      Size/MD5:  1383980 fcbf70966d6875c053e30e153b610991
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb
      Size/MD5:  6279892 cb5107c59d51513dc3b7d89ef64c2de1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb
      Size/MD5: 21351224 84fe07a8a90d1d7bdefcdfa8bf34bc55

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb
      Size/MD5:  6885504 86e9ad51262265b596bf490ce3c46a2d
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb
      Size/MD5:  1463828 6a87ebba2667b07ca253b7bc3772d91e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
      Size/MD5:  6943956 f8630ffc208f766da49a1628076830b6
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
      Size/MD5: 22706410 6e44a8947af147ac14a15fdd66e80bfd

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb
      Size/MD5:  6433916 dea5c30c9bc61cf362cfbb7cb692a280
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb
      Size/MD5:  1435924 5da529e0936388dc5584deb4155ba390
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
      Size/MD5:  6538958 4e658a8fca75f30eeafbfff2a2bffa9c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
      Size/MD5: 21972902 4d273677401e7896b4e65d8fc9996ce5


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
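The advisory says a standard upgrade to mysql-server-5.0 5.0.22-0ubuntu6.06.9 is sufficient, and publishes size/MD5 pairs for every package. The script below, an added example that is not part of the advisory or of Ubuntu's tooling, turns both into checks a practitioner can run: it implements dpkg's version ordering (epoch, upstream, revision; digit runs numeric, `~` sorting before everything) to decide whether a host's installed version is older than the fix, parses `dpkg-query` output into that comparison, and parses the advisory's "Size/MD5" lines so a downloaded .deb can be checked. The dpkg-query sample and the "6.06.8" version string are constructed inputs, not taken from the advisory; the manifest sample is one entry copied from the package list above.

```python
"""Check a host against USN-588-2 and verify downloaded packages (added example)."""
import hashlib
import re

# Fixed package version named in the advisory above.
FIXED_VERSIONS = {"mysql-server-5.0": "5.0.22-0ubuntu6.06.9"}

def _is_digit(c):
    return "0" <= c <= "9"

def _order(c):
    # Character weight used by dpkg for non-digit runs: '~' sorts before
    # everything (even the end of the string), letters before punctuation.
    if c == "~":
        return -1
    if _is_digit(c):
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): alternate non-digit runs (lexical via _order)
    # and digit runs (numeric, leading zeros ignored) until one side wins.
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _is_digit(a[i]) and j < len(b) and _is_digit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _is_digit(a[i]):
            return 1
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0

def compare_versions(v1, v2):
    """Return <0, 0 or >0 like `dpkg --compare-versions` ([epoch:]upstream[-revision])."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def parse_dpkg_query(output):
    """Parse `dpkg-query -W -f='${Package}\\t${Version}\\n'` output into {package: version}."""
    installed = {}
    for line in output.splitlines():
        if "\t" in line:
            pkg, ver = line.split("\t", 1)
            installed[pkg.strip()] = ver.strip()
    return installed

def unpatched(installed, fixed=FIXED_VERSIONS):
    """Packages present on the host whose version is older than the advisory's fix."""
    return sorted(p for p, v in fixed.items()
                  if p in installed and compare_versions(installed[p], v) < 0)

# The advisory lists each package as a URL line followed by a "Size/MD5:" line.
MANIFEST_RE = re.compile(r"^\s*(http\S+)\s+Size/MD5:\s*(\d+)\s+([0-9a-f]{32})", re.M)

def parse_manifest(advisory_text):
    """Map each package URL in the advisory to its (size, md5)."""
    return {url: (int(size), md5) for url, size, md5 in MANIFEST_RE.findall(advisory_text)}

def verify_download(data, size, md5):
    """Integrity check only (size and MD5 as published); authenticity comes from apt's signed Release file."""
    return len(data) == size and hashlib.md5(data).hexdigest() == md5

# Constructed sample input: a host still on an older revision of the package.
# The "6.06.8" revision is an assumed earlier build, not a version from the advisory.
SAMPLE_DPKG_OUTPUT = "mysql-common\t5.0.22-0ubuntu6.06.8\nmysql-server-5.0\t5.0.22-0ubuntu6.06.8\n"

# One real entry copied from the advisory's package list, used to exercise the parser.
SAMPLE_MANIFEST = """    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz
      Size/MD5:   155085 f8c7ef90adb69cf67cc6366612b63d48
"""

if __name__ == "__main__":
    print("needs USN-588-2:", unpatched(parse_dpkg_query(SAMPLE_DPKG_OUTPUT)))
    url, (size, md5) = next(iter(parse_manifest(SAMPLE_MANIFEST).items()))
    print(url.rsplit("/", 1)[1], "ok" if verify_download(b"not the real package", size, md5) else "MISMATCH")
```

On a real host, feed `parse_dpkg_query` the output of `dpkg-query -W -f='${Package}\t${Version}\n'` instead of the constructed sample; only mysql-server-5.0 is in `FIXED_VERSIONS` because that is the only package the advisory names as the fix, so mysql-common at an older revision is reported as nothing to do. The MD5 check catches a truncated or corrupted download, not a malicious one: MD5 is not collision resistant, and the trust decision belongs to apt's verification of the signed archive metadata.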
