MySQL bei Debian

Rund um die Sicherheit des Systems und die Applikationen
floschi
Userprojekt
Userprojekt
Posts: 3247
Joined: 2002-07-18 08:13
Location: München

MySQL bei Debian

Post by floschi » 2003-05-16 12:36

- --------------------------------------------------------------------------
Debian Security Advisory DSA 303-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mysql
Vulnerability : privilege escalation
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0073, CAN-2003-0150

CAN-2003-0073: The mysql package contains a bug whereby dynamically allocated memory is freed more than once, which could be deliberately triggered by an attacker to cause a crash, resulting in a denial of service condition. In order to exploit this vulnerability, a valid username and password combination for access to the MySQL server is required.

CAN-2003-0150: The mysql package contains a bug whereby a malicious user, granted certain permissions within mysql, could create a configuration file which would cause the mysql server to run as root, or any other user, rather than the mysql user.

For the stable distribution (woody) both problems have been fixed in version 3.23.49-8.4.

The old stable distribution (potato) is only affected by CAN-2003-0150, and this has been fixed in version 3.22.32-6.4.

For the unstable distribution (sid), CAN-2003-0073 was fixed in version 4.0.12-2, and CAN-2003-0150 will be fixed soon.

We recommend that you update your mysql package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

sascha
Posts: 1325
Joined: 2002-04-22 23:08

Re: MySQL bei Debian

Post by sascha » 2003-05-16 21:27

Update verlief heute morgen einwandfrei :)

captaincrunch
Userprojekt
Userprojekt
Posts: 7066
Joined: 2002-10-09 14:30
Location: Dorsten

Re: MySQL bei Debian

Post by captaincrunch » 2003-05-16 22:55

Ich hätte fast vergessen, dass du ja erst kürzlich auf Debian umgestiegen ist, ansonsten wären problemlose Updates keinerlei Meldung mehr für dich wert ... ;)
DebianHowTo
echo "[q]sa[ln0=aln256%Pln256/snlbx]sb729901041524823122snlbxq"|dc