CPNI - Centre for the Protection of National Infrastructure


May 2006

Three Debian Security Advisories: 1. DSA 1071-1 - New MySQL 3.23 packages fix several vulnerabilities 2. DSA 1072-1 - New Nagios packages fix arbitrary code execution 3. DSA 1073-1 - New MySQL 4.1 packages fix several vulnerabilities

ID: 00367
Ref: 360/2006
Date: 23 May 2006:11:23:02
Version: 1

Title: Three Debian Security Advisories: 1. DSA 1071-1 - New MySQL 3.23 packages fix several vulnerabilities 2. DSA 1072-1 - New Nagios packages fix arbitrary code execution 3. DSA 1073-1 - New MySQL 4.1 packages fix several vulnerabilities
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian


Title
=====

Three Debian Security Advisories:

1. DSA 1071-1 - New MySQL 3.23 packages fix several vulnerabilities

2. DSA 1072-1 - New Nagios packages fix arbitrary code execution

3. DSA 1073-1 - New MySQL 4.1 packages fix several vulnerabilities

Detail
======

1. Several vulnerabilities have been discovered in MySQL, a popular SQL
database.

2. A buffer overflow has been discovered in nagios, a host, service and
network monitoring and management system, that could be exploited by
remote attackers to execute arbitrary code.

3. Several vulnerabilities have been discovered in MySQL, a popular SQL
database.




1.



--------------------------------------------------------------------------
Debian Security Advisory DSA 1071-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 22nd, 2006                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : mysql
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
BugTraq ID : 16850 17780
Debian Bugs : 366044 366049 366163

Several vulnerabilities have been discovered in MySQL, a popular SQL
database. The Common Vulnerabilities and Exposures Project identifies
the following problems:

CVE-2006-0903

Improper handling of SQL queries containing the NULL character
allows local users to bypass logging mechanisms.

CVE-2006-1516

Usernames without a trailing null byte allow remote attackers to
read portions of memory.

CVE-2006-1517

A request with an incorrect packet length allows remote attackers
to obtain sensitive information.

CVE-2006-1518

Specially crafted request packets with invalid length values allow
the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                 woody          sarge             sid
mysql            3.23.49-8.15   n/a               n/a
mysql-dfsg       n/a            4.0.24-10sarge2   n/a
mysql-dfsg-4.1   n/a            4.1.11a-4sarge3   n/a
mysql-dfsg-5.0   n/a            n/a               5.0.21-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




2.



--------------------------------------------------------------------------
Debian Security Advisory DSA 1072-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 22nd, 2006                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : nagios
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2162 CVE-2006-2489
BugTraq ID : 17879
Debian Bugs : 366682 366683 368193

A buffer overflow has been discovered in nagios, a host, service and
network monitoring and management system, that could be exploited by
remote attackers to execute arbitrary code.

The old stable distribution (woody) does not contain nagios packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.3-cvs.20050402-2.sarge.2.

For the unstable distribution (sid) this problem has been fixed in
version 1.4-1 and 2.3-1.

We recommend that you upgrade your nagios package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------



These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




3.



--------------------------------------------------------------------------
Debian Security Advisory DSA 1073-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 22nd, 2006                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : mysql-dfsg-4.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory : VU#602457
BugTraq IDs : 16850 17780
Debian Bugs : 366043 366048 366162

Several vulnerabilities have been discovered in MySQL, a popular SQL
database. The Common Vulnerabilities and Exposures Project identifies
the following problems:

CVE-2006-0903

Improper handling of SQL queries containing the NULL character
allows local users to bypass logging mechanisms.

CVE-2006-1516

Usernames without a trailing null byte allow remote attackers to
read portions of memory.

CVE-2006-1517

A request with an incorrect packet length allows remote attackers
to obtain sensitive information.

CVE-2006-1518

Specially crafted request packets with invalid length values allow
the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                 woody          sarge             sid
mysql            3.23.49-8.15   n/a               n/a
mysql-dfsg       n/a            4.0.24-10sarge2   n/a
mysql-dfsg-4.1   n/a            4.1.11a-4sarge3   n/a
mysql-dfsg-5.0   n/a            n/a               5.0.21-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------



These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

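
The fixed versions in the three advisories above can be checked against a host's package inventory. The following is an added example, not part of the advisories or of Debian's tooling: it re-implements Debian's version ordering so it runs without dpkg, and the function names and the "source-package version" inventory format are assumptions made for the illustration.

```python
import re

# Fixed versions copied from DSA 1071-1, DSA 1072-1 and DSA 1073-1 above,
# keyed by distribution and source package. nagios in sid is left out
# because DSA 1072-1 names two fixed versions there (1.4-1 and 2.3-1).
FIXED = {
    "woody": {"mysql": "3.23.49-8.15"},
    "sarge": {
        "mysql-dfsg": "4.0.24-10sarge2",
        "mysql-dfsg-4.1": "4.1.11a-4sarge3",
        "nagios": "1.3-cvs.20050402-2.sarge.2",
    },
    "sid": {"mysql-dfsg-5.0": "5.0.21-3"},
}


def _order(ch):
    """Sort weight of a non-digit character: '~' first, then letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings; <0, 0 or >0."""
    pa = re.findall(r"(\D*)(\d*)", a)  # alternating (non-digit, digit) runs
    pb = re.findall(r"(\D*)(\d*)", b)
    for k in range(max(len(pa), len(pb))):
        sa, da = pa[k] if k < len(pa) else ("", "")
        sb, db = pb[k] if k < len(pb) else ("", "")
        # Non-digit runs: character by character, end of run weighs 0.
        for i in range(max(len(sa), len(sb))):
            oa = _order(sa[i]) if i < len(sa) else 0
            ob = _order(sb[i]) if i < len(sb) else 0
            if oa != ob:
                return oa - ob
        # Digit runs: numeric comparison, an empty run counts as 0.
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' on the first ':' and the last '-'."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Debian ordering: epoch first (it dominates), then upstream, then revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def audit(dist, inventory):
    """Return (package, installed, fixed, status) for packages the advisories cover."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        package, installed = parts
        fixed = FIXED.get(dist, {}).get(package)
        if fixed is None:
            continue  # not named in these advisories for this distribution
        status = "vulnerable" if compare_versions(installed, fixed) < 0 else "fixed"
        findings.append((package, installed, fixed, status))
    return findings


# Constructed inventory for a sarge host, one "source-package version" per line.
# On a Debian host with a current dpkg, such lines can be produced with:
#   dpkg-query -W -f='${source:Package} ${Version}\n'
SAMPLE_SARGE = """\
mysql-dfsg-4.1 4.1.11a-4sarge2
mysql-dfsg 4.0.24-10sarge2
nagios 1.3-cvs.20050402-2.sarge.1
bash 3.0-12
"""

if __name__ == "__main__":
    for row in audit("sarge", SAMPLE_SARGE):
        print("%-16s installed %-28s fixed in %-28s %s" % row)
```

A plain string comparison would get cases such as `4.0.24-10` against `4.0.24-10sarge2` wrong, which is why the Debian ordering is implemented in full.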