Alerta de Segurança Debian
DSA-562-1 mysql -- várias vulnerabilidades
- Data do Alerta:
- 11 Out 2004
- Pacotes Afetados:
- mysql
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- No dicionário CVE do Mitre: CVE-2004-0835, CVE-2004-0836, CVE-2004-0837.
- Informações adicionais:
-
Vários problemas foram descobertos no MySQL, um banco de dados SQL muito usado em servidores Unix. Os seguintes problemas foram identificados pelo Projeto de Vulnerabilidades e Exposições Comuns:
- CAN-2004-0835
Oleksandr Byelkin notou que ALTER TABLE ... RENAME verifica os direitos CREATE/INSERT da tabela antiga ao invés dos da nova.
- CAN-2004-0836
Lukasz Wojtow notou um estouro de buffer na função mysql_real_connect.
- CAN-2004-0837
Dean Ellis notou que vários threads alterando a mesma (ou diferente) tabela MERGE para alterar a UNION pode levar a uma quebra ou congelamento do servidor.
Para a distribuição estável (woody), estes problemas foram corrigidos na versão 3.23.49-8.8.
Para a distribuição instável (sid), estes problemas foram corrigidos na versão 4.0.21-1.
Nós recomendamos que você atualize seus pacotes mysql e relacionados e reinicie os servidores que se liguem com eles (por exemplo, Apache/PHP).
- CAN-2004-0835
- Corrigido em:
-
Debian GNU/Linux 3.0 (woody)
- Fonte:
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.8.dsc
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.8.diff.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.8.diff.gz
- Componente independente de arquitetura:
- http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.8_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_sparc.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.