98292 2003-04-10  06:14  /81 lines/ WireX Security <security@wirex.com>
Imported: 2003-04-10  06:14  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4431>
Subject: Immunix Secured OS 7+ MySQL update
------------------------------------------------------------
-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	mysql
			mysqlclient9
Affected products:	7+
Bugs fixed:		CAN-2002-1373
			CAN-2002-1374
			CAN-2002-1375
			CAN-2002-1376
Date:			Tue Apr  8 2003
Advisory ID:		IMNX-2003-7+-008-01
Author:			Alan Olsen
-----------------------------------------------------------------------

Description:
  There have been a number of vulnerabilities found in MySQL and the MySQL 
  Client package.
  
  Unfortunately, Immunix does not protect against all of these
  problems.  Our recommendation is to upgrade these packages
  immediately.
  
  CAN-2002-1373 Signed integer vulnerability in the COM_TABLE_DUMP
  package for MySQL 3.23.x before 3.23.54 allows remote attackers to
  cause a denial of service (crash or hang) in mysqld by causing
  large negative integers to be provided to a memcpy call.
  
  CAN-2002-1374 The COM_CHANGE_USER command in MySQL 3.x before
  3.23.54, and 4.x before 4.0.6, allows remote attackers to gain
  privileges via a brute force attack using a one-character
  password, which causes MySQL to only compare the provided password
  against the first character of the real password.
  
  CAN-2002-1375 The COM_CHANGE_USER command in MySQL 3.x before
  3.23.54, and 4.x to 4.0.6, allows remote attackers to execute
  arbitrary code via a long response.
  
  CAN-2002-1376 libmysqlclient client library in MySQL 3.x to
  3.23.54, and 4.x to 4.0.6, does not properly verify length fields
  for certain responses in the (1) read_rows or (2) read_one_row
  routines, which allows remote attackers to cause a denial of
  service and possibly execute arbitrary code.
  
  
Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:

  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-3.23.54a-3.70_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-devel-3.23.54a-3.70_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysql-server-3.23.54a-3.70_imnx_1.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/mysqlclient9-3.23.22-8_imnx_1.i386.rpm

Immunix OS 7+ md5sums:
  6663ff1a67627810d06c82f667f199fc  mysql-3.23.54a-3.70_imnx_1.i386.rpm
  997db1d0e02aabc1da5aac79f3120e2e  mysql-devel-3.23.54a-3.70_imnx_1.i386.rpm
  728f760e70b718fd29e4e14027e9070e  mysql-server-3.23.54a-3.70_imnx_1.i386.rpm
  7055336008114ceec23872238412882d  mysqlclient9-3.23.22-8_imnx_1.i386.rpm


GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.
(98292) /WireX Security <security@wirex.com>/(Reformatted)
Attachment (application/pgp-signature) in text 98293
98293 2003-04-10  06:14  /9 lines/ WireX Security <security@wirex.com>
Attachment filename: "signature.asc"
Imported: 2003-04-10  06:14  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4432>
Attachment (text/plain) to text 98292
Subject: Attachment (signature.asc) to: Immunix Secured OS 7+ MySQL update
------------------------------------------------------------
(98293) /WireX Security <security@wirex.com>/-------
98617 2003-04-12  11:05  /81 lines/ WireX Security Team <security@wirex.com>
Imported: 2003-04-12  11:05  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4482>
Subject: Immunix Secured OS 7+ MySQL update
------------------------------------------------------------
(98617) /WireX Security Team <security@wirex.com>/(Reformatted)
Attachment (application/pgp-signature) in text 98618
98618 2003-04-12  11:05  /9 lines/ WireX Security Team <security@wirex.com>
Attachment filename: "signature.asc"
Imported: 2003-04-12  11:05  by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: immunix-announce@immunix.org
External recipient: linsec@lists.seifried.org
Recipient: Bugtraq (import) <4483>
Attachment (text/plain) to text 98617
Subject: Attachment (signature.asc) to: Immunix Secured OS 7+ MySQL update
------------------------------------------------------------
(98618) /WireX Security Team <security@wirex.com>/--
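
The comparison flaw described under CAN-2002-1374 in the advisory, as an added illustration that is not part of the advisory and is not MySQL's code: a check whose byte count comes from the client-supplied value, next to one that requires the full length before comparing. The names check_flawed, check_hardened and CHECK_LEN and the STORED sample value are assumptions made for this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define CHECK_LEN 8  /* assumed fixed size of the stored check value */

/* Constructed sample data, not a real credential. */
static const unsigned char STORED[CHECK_LEN] =
    {'X', 'k', '2', '9', 'd', 'L', 'q', '7'};

/* Flawed pattern: the number of bytes compared is taken from the
 * client-supplied value, so a 1-byte submission is only checked
 * against the first stored byte. */
int check_flawed(const unsigned char *supplied, size_t supplied_len)
{
    if (supplied_len == 0 || supplied_len > CHECK_LEN)
        return 0;
    return memcmp(supplied, STORED, supplied_len) == 0;
}

/* Hardened pattern: the length must match exactly before any byte is
 * compared, and the loop does not stop at the first mismatch. */
int check_hardened(const unsigned char *supplied, size_t supplied_len)
{
    unsigned char diff = 0;
    size_t i;

    if (supplied_len != CHECK_LEN)
        return 0;
    for (i = 0; i < CHECK_LEN; i++)
        diff |= (unsigned char)(supplied[i] ^ STORED[i]);
    return diff == 0;
}

int main(void)
{
    const unsigned char one[] = {'X'};

    printf("1-byte value: flawed=%d hardened=%d\n",
           check_flawed(one, 1), check_hardened(one, 1));
    printf("full value:   flawed=%d hardened=%d\n",
           check_flawed(STORED, CHECK_LEN), check_hardened(STORED, CHECK_LEN));
    return 0;
}
```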
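
For the length-handling problems the advisory lists under CAN-2002-1373 and CAN-2002-1376, an added example (not from the advisory and not MySQL source) of a signed length that passes an upper-bound test, next to a copy routine that validates an unsigned length field against both the destination and the packet. The 4-byte little-endian packet layout, the function names and the sample packets are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample packets (assumed layout: 4-byte little-endian
 * length, then payload). */
static const unsigned char PKT_OK[]    = {3, 0, 0, 0, 'a', 'b', 'c'};
static const unsigned char PKT_NEG[]   = {0xff, 0xff, 0xff, 0xff, 'a'};
static const unsigned char PKT_SHORT[] = {9, 0, 0, 0, 'a', 'b'};
static unsigned char OUT[16];

/* Flawed pattern: signed length, upper-bound test only. A negative
 * value passes. Nothing is copied here. */
int flawed_length_ok(int len, int buf_size)
{
    return len <= buf_size;
}

/* memcpy() takes a size_t, so a negative int turns into a huge count. */
size_t size_memcpy_would_get(int len)
{
    return (size_t)len;   /* -1 becomes SIZE_MAX */
}

/* Hardened pattern: keep the length unsigned and check it against both
 * the destination size and the bytes actually present in the packet.
 * Returns the number of bytes copied, or -1 if the packet is rejected. */
long copy_field(unsigned char *dst, size_t dst_size,
                const unsigned char *pkt, size_t pkt_len)
{
    uint32_t len;
    if (pkt_len < 4)
        return -1;
    len = (uint32_t)pkt[0] | ((uint32_t)pkt[1] << 8) |
          ((uint32_t)pkt[2] << 16) | ((uint32_t)pkt[3] << 24);
    if (len > dst_size || len > pkt_len - 4)
        return -1;
    memcpy(dst, pkt + 4, len);
    return (long)len;
}

int main(void)
{
    printf("flawed check accepts -1: %d\n", flawed_length_ok(-1, 16));
    printf("hardened: ok=%ld neg=%ld short=%ld\n",
           copy_field(OUT, sizeof OUT, PKT_OK, sizeof PKT_OK),
           copy_field(OUT, sizeof OUT, PKT_NEG, sizeof PKT_NEG),
           copy_field(OUT, sizeof OUT, PKT_SHORT, sizeof PKT_SHORT));
    return 0;
}
```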