Säkerhetsbulletin från Debian
DSA-647-1 mysql -- osäkra temporära filer
- Rapporterat den:
- 2005-01-19
- Berörda paket:
- mysql
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2005-0004.
- Ytterligare information:
-
Javier Fernandez-Sanguino Peña från Debians säkerhetsgranskningsprojekt upptäckte sårbara temporära filer i skriptet mysqlaccess från MySQL, vilket kunde göra det möjligt för en oprivilegierad användare att få root att skriva över godtyckliga filer genom att attackera symboliska länkar och kunde dessutom röja innehållet i en temporär fil som kunde innehålla känslig information.
För den stabila utgåvan (Woody) har detta problem rättats i version 3.23.49-8.9.
För den instabila utgåvan (Sid) har detta problem rättats i version 4.0.23-3 av mysql-dfsg samt i version 4.1.8a-6 av mysql-dfsg-4.1.
Vi rekommenderar att ni uppgraderar era mysql-paket.
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.dsc
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.diff.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.9_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.