Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Advisories, July 17, 2006

Jul 18, 2006, 04:45 (0 Talkback[s])

Debian Security Advisory DSA 1112-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 18th, 2006 http://www.debian.org/security/faq

Package : mysql-dfsg-4.1
Vulnerability : several
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3081 CVE-2006-3469
Debian Bug : 373913 375694

Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3081

"Kanatoko" discovered that the server can be crashed with feeding NULL values to the str_to_date() function.

CVE-2006-3469

Jean-David Maillefer discovered that the server can be crashed with specially crafted date_format() function calls.

For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge5.

For the unstable distribution (sid) does no longer contain MySQL 4.1 packages. MySQL 5.0 from sid is not affected.

We recommend that you upgrade your mysql-dfsg-4.1 packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
      Size/MD5 checksum: 1021 9cd4f7df9345856d06846e0ddb50b9ee
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
      Size/MD5 checksum: 168442 e45db0b01b3adaf09500d54090f3a1e1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
      Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3

Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb
      Size/MD5 checksum: 36520 e8115191126dc0b373a53024e5c78733

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum: 1590788 297b4444903885a19c76a1217e83477d
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum: 7965184 8df4e20d157517541228fa52e4c60dbc
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum: 1000952 4d62bca949f80c09f043a78b9e701ca5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb
      Size/MD5 checksum: 17487070 b357fcab1b57764e1ee8a341dd30def3

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum: 1452034 a22b66b8e00b2409bf1428834af1073b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum: 5551704 731f50735026de2b95d9e9d9e19a7717
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum: 849526 a0a5d944db8261044bcdddbe55ab03d6
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_amd64.deb
      Size/MD5 checksum: 14711282 bf471f8b19fe0aa14bf04209c0eac975

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum: 1388864 1ed00eac905063c7caa7702bb6a4dcda
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum: 5558854 46fac3302d6e4677bb1dbce5f5aa1387
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum: 836766 5487191a4af54786066ac720456b5b68
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_arm.deb
      Size/MD5 checksum: 14557630 1369e1f83fad8dfcbea1618e0acd821e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum: 1418036 ab5768abe67a1d21c714a078f2ec86f0
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum: 5643732 bf891e68e488947fd28a940a367d722f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum: 830724 f5d4a9e5b289d895ba021190f907829f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb
      Size/MD5 checksum: 14558034 b580eeaf7a3806b95a07435acbe48e27

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum: 1713308 0067b2b9c41a412defde52f366e3c897
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum: 7782486 3aabc5d9cf4bd642de338d58bdaf06f5
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum: 1050616 d23aac0cd8ee2af56e54dfb5bac2f330
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb
      Size/MD5 checksum: 18475936 9ddfe01a4b31abfed11b9bde23fac76f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum: 1551202 77244af3e0edbeaf716764fe9ac81e6f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum: 6250286 fd9cb45d760605ee2a89f70af5cb9af3
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum: 910046 38698cebd4b9f438fd09d9bbb9dcd92c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb
      Size/MD5 checksum: 15791130 8517866821789c2ac7343f9db6f59d3f

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum: 1397964 e5166b54d56236e0bcbd677ae0b0612f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum: 5284080 48f187b76145ed53de71074d1e19bd6a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum: 803870 699c9078240853a353fbd70504285d51
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb
      Size/MD5 checksum: 14072018 f2837081c2ff82f8510234e174db38b4

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum: 1478938 f6865d5d185ecc5b20dac7d0d7e129da
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum: 6053046 43b3f77618248df20870c85301465095
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum: 904490 351bde467510be873c1a2cdc57048523
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mips.deb
      Size/MD5 checksum: 15409966 a0332059581d3de6922e9313d6eef676

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum: 1446348 46a4c7d996016a4adcf56440b05fef21
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum: 5971326 6467ab19215d4e0e45084d3530929683
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum: 890130 52b93510c81b7d296074fc4c36a6d847
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb
      Size/MD5 checksum: 15105474 1ffe09b6dc5b370067bf337109188a25

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum: 1476860 3b5a3a41dcb3744a289e78e3310d1df1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum: 6027448 99a562b660721bc4dacd8997de8aab1f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum: 907410 9893e547ddfe66215e6bc3da4bf69724
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb
      Size/MD5 checksum: 15403210 25c8ae97be006ad171df2f3bdedc72a2

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum: 1538550 b105d416c3bcd7875984cecac926d076
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum: 5461556 00100b922054d9b9c3fc22b3a92b60c7
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum: 884294 37fe2778f39871852f9fa53677cffe2c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_s390.deb
      Size/MD5 checksum: 15055516 c22496ba5559e2fbb1f0a37cd889ee0b

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum: 1460576 f4a2d46769a708b1ef70aa85e2b09277
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum: 6208040 3dc2de911cc6cbcb4f637bfccbce988a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum: 868258 1671384fa14d81404e3af7ffb555073e
    http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb
      Size/MD5 checksum: 15392304 6d9b9d762aa6088e416c1b987f853e96

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>