Debian Security Advisory
DSA-831-1 mysql-dfsg -- buffer overflow
- Date reported:
- 30 Sep 2005
- Affected packages:
- mysql-dfsg
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 14509.
In Mitre's CVE dictionary: CVE-2005-2558.
- More information:
-
A stack-based buffer overflow has been discovered in the init_syms function of MySQL, a popular database. It allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long "function_name" field. The ability to create user-defined functions is not normally granted to untrusted users.
The following vulnerability matrix shows in which version of MySQL the problem has been fixed in each distribution:

| | Woody | Sarge | Sid |
|---|---|---|---|
| mysql | 3.23.49-8.14 | n/a | n/a |
| mysql-dfsg | n/a | 4.0.24-10sarge1 | 4.0.24-10sarge1 |
| mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge2 | 4.1.14-2 |
| mysql-dfsg-5.0 | n/a | n/a | 5.0.11beta-3 |

We recommend that you upgrade your mysql-dfsg packages.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge1.dsc
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge1.diff.gz
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
- Architecture-independent files:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_arm.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_i386.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_mips.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_s390.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.