Ubuntu: MySQL vulnerabilities USN-588-1
===========================================================
Ubuntu Security Notice USN-588-1             March 19, 2008
mysql-dfsg-5.0 vulnerabilities
CVE-2006-7232, CVE-2007-2692, CVE-2007-6303, CVE-2008-0226,
CVE-2008-0227
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mysql-server-5.0                5.0.22-0ubuntu6.06.8

Ubuntu 6.10:
  mysql-server-5.0                5.0.24a-9ubuntu2.4

Ubuntu 7.04:
  mysql-server-5.0                5.0.38-0ubuntu1.4

Ubuntu 7.10:
  mysql-server-5.0                5.0.45-1ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)

Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)

Martin Friebe discovered that MySQL did not properly update the DEFINER
value of an altered view. An authenticated user could use CREATE SQL
SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges.
(CVE-2007-6303)

Luigi Auriemma discovered that yaSSL as included in MySQL did not
properly validate its input. A remote attacker could send crafted
requests and cause a denial of service or possibly execute arbitrary
code. This issue did not affect Ubuntu 6.06 in the default installation.
(CVE-2008-0226, CVE-2008-0227)

Updated packages for Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04 and
Ubuntu 7.10: source archives, architecture independent packages, and
packages for the amd64, i386, powerpc and sparc architectures.
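A check of an installed mysql-server-5.0 version against the fixed versions listed in this notice, as an added example that is not part of the original advisory. The function names (`deb_cmp`, `assess`) are hypothetical, and the version ordering is a small re-implementation of Debian's comparison rules rather than a call to dpkg.

```python
import re

# Fixed mysql-server-5.0 versions per release, copied from this notice.
FIXED = {"6.06": "5.0.22-0ubuntu6.06.8", "6.10": "5.0.24a-9ubuntu2.4",
         "7.04": "5.0.38-0ubuntu1.4", "7.10": "5.0.45-1ubuntu3.3"}
# Releases each CVE applies to, per the notice text. The yaSSL issues are kept
# for 6.06 because only its default installation is stated as unaffected.
AFFECTS = {"CVE-2006-7232": {"6.06", "6.10"},
           "CVE-2007-2692": {"6.06", "6.10", "7.04"},
           "CVE-2007-6303": set(FIXED),
           "CVE-2008-0226": set(FIXED),
           "CVE-2008-0227": set(FIXED)}

def _rank(ch):
    # Debian ordering: '~' first, then end of string, letters, other characters.
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, left to right.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = _rank(na[i:i + 1]), _rank(nb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return epoch, up, rev

def deb_cmp(v1, v2):
    """Return -1, 0 or 1: epoch, then upstream version, then revision."""
    results = (_cmp_part(a, b) for a, b in zip(_split(v1), _split(v2)))
    return next((r for r in results if r), 0)

def assess(release, installed):
    """Return (patched, applicable_cves) for an installed mysql-server-5.0."""
    patched = deb_cmp(installed, FIXED[release]) >= 0
    return patched, ([] if patched else sorted(c for c, r in AFFECTS.items() if release in r))
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' mysql-server-5.0`; a result of `(False, [...])` lists the CVEs from this notice that still apply to that release.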