[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:46600] [Translate] [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities

From: Seiji Kaneko <skaneko@xxxxxxxxxxxx>
Subject: [debian-users:46600] [Translate] [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities
Date: Mon, 29 May 2006 21:23:41 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-original-to: debian-users@debian.or.jp
Message-id: <447AE7C0.40701@xxxxxxxxxxxx>
X-mail-count: 46600
User-agent: Thunderbird 1.5.0.2 (Macintosh/20060308)

かねこです。
URL 等は Debian-security-announce メーリングリストの元記事を確認
ください。

------>8------------>8------------>8------------>8------------>8-
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1079-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 29th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql-dfsg
Vulnerability  : 複数
Problem type   : リモート
Debian-specific: いいえ
CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory  : VU#602457
BugTraq IDs    : 16850 17780
Debian Bugs    : 366044 366049 366163

複数の欠陥が、広く用いられている SQL データベース MySQL に発見されまし
た。The Common Vulnerabilities and Exposures Project は以下の問題を認識
しています。

CVE-2006-0903

    NULL 文字を含む SQL クエリの処理が不適切で、ローカルのユーザがログ機
    能を迂回することが可能です。

CVE-2006-1516

    後続の NULL 文字列を含まないユーザ名によって、リモートの攻撃者からメ
    モリの一部を読み取ることが可能です。

CVE-2006-1517

    不正な length 長を指定した特殊な形式の要求パケットにより、リモートの
    攻撃者が重要な情報を得ることが可能です。

CVE-2006-1518

    不正な length 長を指定した特殊な形式の要求パケットにより、任意のコー
    ドの実行が可能です。

以下が、各ディストリビューション対応で上記問題が修正された版の表です。

                   woody            sarge            sid
mysql            3.23.49-8.15        n/a             n/a
mysql-dfsg          n/a         4.0.24-10sarge2      n/a
mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
mysql-dfsg-5.0      n/a              n/a           5.0.21-3

直ぐに MySQL パッケージをアップグレードすることを勧めます。


アップグレード手順
------------------

wget url
        	でファイルを取得できます。
dpkg -i file.deb
                で参照されたファイルをインストールできます。

apt-get パッケージマネージャを用いている場合には、本メールのフッタ記載の
行を sources.list に加えて、

apt-get update
        を実行して内部データベースを更新し、
apt-get upgrade
        によって修正されたパッケージをインストールしてください。

本メールのフッタ記載の設定を自ホストの設定に加えることにより、自動更新を
行うこともできます。


Debian GNU/Linux 3.1 愛称 sarge
- --------------------------------

    ソースアーカイブ:



    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.dsc
      Size/MD5 checksum:      966 42f14bb83f832f0f88bdabb317f62df8
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.diff.gz
      Size/MD5 checksum:    98938 9aaf7d794c14faa63a05d7630f683383
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
      Size/MD5 checksum:  9923794 aed8f335795a359f32492159e3edfaa3

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge2_all.deb
      Size/MD5 checksum:    34566 f4aa726f5f9ec79e42799a40faabcf17

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_alpha.deb
      Size/MD5 checksum:   356730 97904c2a773bc61c643e4dce283a2862
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_alpha.deb
      Size/MD5 checksum:  4533478 8edafbc553d062864c4bb17cbca3211b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_alpha.deb
      Size/MD5 checksum:   520712 5883aef348e2eb1321b21051cdd604be
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_alpha.deb
      Size/MD5 checksum:  4890620 824e4c4c078ef73612fccbea7e209651

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_amd64.deb
      Size/MD5 checksum:   309490 c7943142f1f618987c87073c5893174e
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_amd64.deb
      Size/MD5 checksum:  3182676 e62cc19620500c5430447978b7e645c6
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_amd64.deb
      Size/MD5 checksum:   434022 55e3f43e8ac136951fc1b679df820cd1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_amd64.deb
      Size/MD5 checksum:  3878414 5ab561357abca1720b9942c9f8e78a4e

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_arm.deb
      Size/MD5 checksum:   288180 6869739c00a8151a181ec8cfffe1ec70
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_arm.deb
      Size/MD5 checksum:  2848430 945158edc0fba528a04f98170fe55921
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_arm.deb
      Size/MD5 checksum:   414176 8ecea50cf576d50bd5ceb6424915da52
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_arm.deb
      Size/MD5 checksum:  3482538 ae6cb51798ea91d7b6009dcd80a55e43

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_i386.deb
      Size/MD5 checksum:   296570 7cdd0f7a094215ab98249514031ef9a0
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_i386.deb
      Size/MD5 checksum:  2922132 84cffb8467493bcf0cf49ef3a21caa67
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_i386.deb
      Size/MD5 checksum:   415162 7bb2bfd6b9853d51abbf958eeed5b23f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_i386.deb
      Size/MD5 checksum:  3645982 b2d2991bee2e019a45cbaa39fa7e9f6b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_ia64.deb
      Size/MD5 checksum:   395396 b03b6af8b0e21c8e80bbc8d2ef5c7817
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_ia64.deb
      Size/MD5 checksum:  4472590 aa5afd6648c2034fd0d254100e2e42fc
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_ia64.deb
      Size/MD5 checksum:   562984 e357eebc432a81d9f8f4c94f365528d4
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_ia64.deb
      Size/MD5 checksum:  5328582 1f528438e2282f4b51c13932d70875fd

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_hppa.deb
      Size/MD5 checksum:   329948 864b11f30e86d7d2921caeda238f22f9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_hppa.deb
      Size/MD5 checksum:  3314390 12c74247254b89c93dc5aecf74c3249f
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_hppa.deb
      Size/MD5 checksum:   456078 cf903d0dcb745d67f4ad66ad3a4b66f2
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_hppa.deb
      Size/MD5 checksum:  3947304 f8feb350cc9a6db2979d215ea6735bda

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_m68k.deb
      Size/MD5 checksum:   279504 9a202261b9627190d15ab5bb7e98d0e2
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_m68k.deb
      Size/MD5 checksum:  2665612 e49f8b011912473604c9df82047fd244
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_m68k.deb
      Size/MD5 checksum:   390304 d04f65d12c590a0239408e3293c80714
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_m68k.deb
      Size/MD5 checksum:  3293046 8a049030853d08742488a1e4dabc504d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mips.deb
      Size/MD5 checksum:   314170 41c279180276fcf8effa8573fe75a158
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mips.deb
      Size/MD5 checksum:  3182296 f9fe3b82095434f04871092f1431d2d1
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mips.deb
      Size/MD5 checksum:   457290 19243ed43a65f65a3dee76657274f365
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mips.deb
      Size/MD5 checksum:  3813374 f71b04ee43e3629dd410dd72e0d1ac15

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mipsel.deb
      Size/MD5 checksum:   313862 ae441e9b7d18e9f5b16a01243f8a292b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mipsel.deb
      Size/MD5 checksum:  3170026 7fdcb95df46e805c350d1035e5e3534e
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mipsel.deb
      Size/MD5 checksum:   457296 fe2c3473cbcf10cbacb4a9606a8b285a
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mipsel.deb
      Size/MD5 checksum:  3800380 db0f0b418fb92dd9978fe75df5356fef

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_powerpc.deb
      Size/MD5 checksum:   315104 3f28badbf686cbff4a4905bdc507e31d
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_powerpc.deb
      Size/MD5 checksum:  3184308 8c986e6f386b84f960894575e557c6b7
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_powerpc.deb
      Size/MD5 checksum:   464662 d48488660fc50361bdb58dc446a67b89
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_powerpc.deb
      Size/MD5 checksum:  3842406 902b6725bcbf405d723f3bdb1f86b52b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_s390.deb
      Size/MD5 checksum:   324700 5e52e1cc8b4781dd510c0c36e54cef11
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_s390.deb
      Size/MD5 checksum:  2830282 e6dd53a143318bb922716105e9be4131
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_s390.deb
      Size/MD5 checksum:   442420 41c28b4e3e625278b6231be2c254e75c
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_s390.deb
      Size/MD5 checksum:  3665834 d8283a9161d27bec024d5f24822847ae

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_sparc.deb
      Size/MD5 checksum:   304688 6e3e90483f30e8c1e002594b69bbd7f9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_sparc.deb
      Size/MD5 checksum:  3270002 eb343d64b0e0b4d0c2f6f2197148f3e9
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_sparc.deb
      Size/MD5 checksum:   430014 568bcb494e04f9e47e419a9cc7a7c49b
    http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_sparc.deb
      Size/MD5 checksum:  3821652 2714c3d57dd30d1ef31951d452660f7c


    これらのファイルは次の版の安定版リリース時そちらに移されます。

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

------>8------------>8------------>8------------>8------------>8-
-- 
Seiji Kaneko                         skaneko@xxxxxxxxxxxx
---------------------------------------------------------

Prev by Date: [debian-users:46599] [Translate] Debian Weekly News 2006-05-23
Next by Date: [debian-users:46601] [Translate] [SECURITY] [DSA 1080-1] New dovecot packages fix directory
Previous by thread: [debian-users:46599] [Translate] Debian Weekly News 2006-05-23
Next by thread: [debian-users:46601] [Translate] [SECURITY] [DSA 1080-1] New dovecot packages fix directory
Index(es):
- Date
- Thread