exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 588-2

Ubuntu Security Notice 588-2
Posted Apr 3, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 588-2 - USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restrictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-2692, CVE-2006-7232, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227
SHA-256 | 7b3e0c3b9aac237bc56c8aa95c0492465ee731361e13d7ca3e16a16caaa29be0

Ubuntu Security Notice 588-2

Change Mirror Download
=========================================================== 
Ubuntu Security Notice USN-588-2 April 02, 2008
mysql-dfsg-5.0 regression
https://launchpad.net/bugs/209699
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for
Ubuntu 6.06, additional improvements were made to make privilege checks
more restictive. As a result, an upstream bug was exposed which could
cause operations on tables or views in a different database to fail. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)

Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)

Martin Friebe discovered that MySQL did not properly update the DEFINER
value of an altered view. An authenticated user could use CREATE SQL
SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
(CVE-2007-6303)

Luigi Auriemma discovered that yaSSL as included in MySQL did not
properly validate its input. A remote attacker could send crafted
requests and cause a denial of service or possibly execute arbitrary
code. This issue did not affect Ubuntu 6.06 in the default installation.
(CVE-2008-0226, CVE-2008-0227)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz
Size/MD5: 155085 f8c7ef90adb69cf67cc6366612b63d48
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc
Size/MD5: 1114 d305551acc1c106afc8fcea708bf7748
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
Size/MD5: 18446645 2b8f36364373461190126817ec872031

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38560 ba617aed9cc0de2b3ab0bb27e4b73208
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 41108 c5723e8875ec8ec61bc3e35d279b0785
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38564 4c87c774aa76333f9b6ce71be03abd9e

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6727828 250a0dc849c954205639795ead8c913c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 1423476 81fa43f4bcdaa9721311dd9cd7977713
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6897250 ee100a247642429c58c20cf501da925d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 22493122 6c8dc59d6b0f8885bdc08e72f7aef6b6

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6141858 992e52adad73209d80bab70f7fb22d46
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 1383980 fcbf70966d6875c053e30e153b610991
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6279892 cb5107c59d51513dc3b7d89ef64c2de1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 21351224 84fe07a8a90d1d7bdefcdfa8bf34bc55

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6885504 86e9ad51262265b596bf490ce3c46a2d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 1463828 6a87ebba2667b07ca253b7bc3772d91e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6943956 f8630ffc208f766da49a1628076830b6
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 22706410 6e44a8947af147ac14a15fdd66e80bfd

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6433916 dea5c30c9bc61cf362cfbb7cb692a280
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 1435924 5da529e0936388dc5584deb4155ba390
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6538958 4e658a8fca75f30eeafbfff2a2bffa9c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 21972902 4d273677401e7896b4e65d8fc9996ce5


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close