Your message dated Sat, 12 Mar 2005 11:02:22 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299029: fixed in mysql-dfsg 4.0.24-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Mar 2005 09:23:28 +0000
>From [EMAIL PROTECTED] Fri Mar 11 01:23:27 2005
Return-path: <[EMAIL PROTECTED]>
Received: from moutng.kundenserver.de [212.227.126.186]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D9gMg-0003eP-00; Fri, 11 Mar 2005 01:23:27 -0800
Received: from bitz8.bitz.briteline.de[195.90.9.8] (helo=anton)
by mrelayeu.kundenserver.de with ESMTP (Nemesis),
id 0ML21M-1D9gMf2xsC-0003BV; Fri, 11 Mar 2005 10:23:25 +0100
Received: by anton (Postfix, from userid 2028)
id 38EB7B72BC; Fri, 11 Mar 2005 10:23:25 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Mysql insecure temporary file creation with CREATE TEMPORARY TABLE
privilege
escalation
X-Mailer: reportbug 2.26.1.1.200308291454
Date: Fri, 11 Mar 2005 10:23:25 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Provags-ID: kundenserver.de [EMAIL PROTECTED]
login:4ad79d65ac46f2345c6ef2e856c1d9ef
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: mysql-dfsg
Version: unavailable; reported 2005-03-11
Severity: grave
Tags: security
Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack
if an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database.
There does not seem to be a CVE assignment yet.
The full advisory can be found at:
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
The advisory claims that MySQL has released a fix, and new upstream
releases (4.0.24 and 4.1.10a), which haven't appeared on mysql.com
yet.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
---------------------------------------
Received: (at 299029-close) by bugs.debian.org; 12 Mar 2005 16:08:04 +0000
>From [EMAIL PROTECTED] Sat Mar 12 08:08:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DA99n-0007Vq-00; Sat, 12 Mar 2005 08:08:03 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DA94I-0001UH-00; Sat, 12 Mar 2005 11:02:22 -0500
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299029: fixed in mysql-dfsg 4.0.24-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 12 Mar 2005 11:02:22 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 6
Source: mysql-dfsg
Source-Version: 4.0.24-1
We believe that the bug you reported is fixed in the latest version of
mysql-dfsg, which is due to be installed in the Debian FTP archive:
libmysqlclient12-dev_4.0.24-1_i386.deb
to pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-1_i386.deb
libmysqlclient12_4.0.24-1_i386.deb
to pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-1_i386.deb
mysql-client_4.0.24-1_i386.deb
to pool/main/m/mysql-dfsg/mysql-client_4.0.24-1_i386.deb
mysql-common_4.0.24-1_all.deb
to pool/main/m/mysql-dfsg/mysql-common_4.0.24-1_all.deb
mysql-dfsg_4.0.24-1.diff.gz
to pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-1.diff.gz
mysql-dfsg_4.0.24-1.dsc
to pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-1.dsc
mysql-dfsg_4.0.24.orig.tar.gz
to pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
mysql-server_4.0.24-1_i386.deb
to pool/main/m/mysql-dfsg/mysql-server_4.0.24-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 3 Mar 2005 02:37:03 +0100
Source: mysql-dfsg
Binary: libmysqlclient12 mysql-client libmysqlclient12-dev mysql-server
mysql-common
Architecture: source i386 all
Version: 4.0.24-1
Distribution: unstable
Urgency: high
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
libmysqlclient12 - mysql database client library
libmysqlclient12-dev - mysql database development files
mysql-client - mysql database client binaries
mysql-common - mysql database common files (e.g. /etc/mysql/my.cnf)
mysql-server - mysql database server binaries
Closes: 208364 285044 294347 297772 298875 299029 299031 299065
Changes:
mysql-dfsg (4.0.24-1) unstable; urgency=high
.
* SECURITY:
- The following security related updates are addressed:
CAN-2005-XXX (temporary file creation with "CREATE TEMPORARY TABLE")
CAN-2005-XXX (arbitrary library injection in udf_init())
CAN-2005-XXX (arbitrary code execution via "CREATE FUNCTION")
Closes: #299029, #299031, #299065
* New Upstream Release.
- Fixes some server crash conditions.
- Upstream includes fix for TMPDIR overriding my.cnf tmpdir setting
Closes: #294347
- Fixes InnoDB error message. Closes: #298875
- Fixes resouce limiting. Closes: #285044
* Improved checking whether or not the server is alive in the init script
which should make it possible to run several mysqld instances in
different chroot environments. Closes: #297772
* Added -O3 and --with-mysqld-ldflags=-all-static as MySQL recommends to
build the server binary statically in order to gain about 13% more
performance (thanks to Marcin Kowalski).
* Added patch to let mysqld_safe react to signals (thanks to Erich
Schubert). Closes: #208364
* (Thanks to Sean Finney for doing a great share of work for this release!)
Files:
12b90f580654516bf10ab2b41837da87 923 misc optional mysql-dfsg_4.0.24-1.dsc
aed8f335795a359f32492159e3edfaa3 9923794 misc optional
mysql-dfsg_4.0.24.orig.tar.gz
ce1ea63eb78125376d25349885716015 89833 misc optional
mysql-dfsg_4.0.24-1.diff.gz
1457cadc641b1e5f4fb5810552358077 32588 misc optional
mysql-common_4.0.24-1_all.deb
6cbe2bf04614275350f87757cb6dc4ab 294422 libs optional
libmysqlclient12_4.0.24-1_i386.deb
fa2268a36ee7facac2e04bb77ae6237a 2920808 libdevel extra
libmysqlclient12-dev_4.0.24-1_i386.deb
4daf728749d91ab2e6eab4fd53dbc92e 413298 misc optional
mysql-client_4.0.24-1_i386.deb
df87ce5f1b2ea3216927302bec4cb398 3813564 misc optional
mysql-server_4.0.24-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iEYEARECAAYFAkIzB3AACgkQkR9K5oahGOaxKwCgrxK9mjqjlD/Sa2zSbs/lpFz3
+JoAnROIGkn9Bxp5z4ORJmBTudTcJUFL
=hnUM
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
