Ubuntu

[mysql] multiple vulnerabilities

Reported by disabled.user on 2007-11-27
Affects                    Status  Importance  Assigned to       Milestone
mysql-dfsg-4.1 (Ubuntu)            Undecided   Unassigned
  Dapper                           Undecided   Unassigned
  Edgy                             Undecided   Unassigned
  Feisty                           Undecided   Unassigned
  Gutsy                            Undecided   Unassigned
  Hardy                            Undecided   Unassigned
mysql-dfsg-5.0 (Ubuntu)            Medium      Unassigned
  Dapper                           Medium      Jamie Strandboge
  Edgy                             Medium      Jamie Strandboge
  Feisty                           Medium      Jamie Strandboge
  Gutsy                            Medium      Jamie Strandboge
  Hardy                            Medium      Unassigned
mysql-dfsg-5.0 (tuXlab)            Undecided   Unassigned
mysql-dfsg-5.1 (Ubuntu)            Undecided   Unassigned
  Dapper                           Undecided   Unassigned
  Edgy                             Undecided   Unassigned
  Feisty                           Undecided   Unassigned
  Gutsy                            Undecided   Unassigned
  Hardy                            Undecided   Unassigned
mysql-dfsg (Ubuntu)                Unknown     Unassigned
  Dapper                           Undecided   Unassigned
  Edgy                             Undecided   Unassigned
  Feisty                           Undecided   Unassigned
  Gutsy                            Undecided   Unassigned
  Hardy                            Unknown     Unassigned

Bug Description

References:
[1] DSA-1413-1 (http://www.debian.org/security/2007/dsa-1413)
[2] Bug#163811

Quoting [1]:
"Several vulnerabilities have been found in the MySQL database packages
with implications ranging from unauthorized database modifications to
remotely triggered server crashes."

Accidentally chose tuXlab instead of Ubuntu (!§$"§$ mousewheel...).

Changed in mysql-dfsg-5.0:
status: New → Invalid
Changed in mysql-dfsg-5.1:
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

For mysql-dfsg-5.0, the following are fixed in Dapper - Hardy (http://www.ubuntu.com/usn/usn-528-1):
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782

And these are fixed in Gutsy and Hardy:
CVE-2007-2692
CVE-2007-3781

Jamie Strandboge (jdstrand) wrote :

Updates for CVE-2007-3781, CVE-2007-5925, CVE-2007-5969 are committed.

This leaves CVE-2007-2692 for Dapper -> Feisty

Changed in mysql-dfsg:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Confirmed
assignee: jamie-strandboge → nobody
importance: Medium → Unknown
status: Confirmed → New
Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Confirmed
status: Confirmed → Triaged
Jamie Strandboge (jdstrand) wrote :

Updates are now released for the above CVEs.

Let's leave this bug open for CVE-2007-2692, but please file future CVEs in new reports.

Changed in mysql-dfsg-5.1:
status: New → Invalid
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :
Changed in mysql-dfsg-4.1:
status: New → Invalid
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg-5.0:
status: Triaged → Fix Released
status: New → Fix Released
Changed in mysql-dfsg-5.1:
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
Changed in mysql-dfsg:
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg:
status: New → Invalid
Changed in mysql-dfsg-5.0:
assignee: jamie-strandboge → nobody
Jamie Strandboge (jdstrand) wrote :

STATUS UPDATE

CVE-2007-2692 is not fixed in Debian Etch (and therefore the patch can't be used in Ubuntu releases). DSA-1413 omits part of the patch to sql/sql_db.cc and the test cases. Using the test cases from http://lists.mysql.com/commits/23650 against Etch shows that Etch is still vulnerable. MDKSA-2007:243 does not address CVE-2007-2692. Investigating proper fix.

Changed in mysql-dfsg-5.0:
status: Triaged → In Progress
status: Triaged → In Progress
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

This fix is part of a larger update and is available in -proposed. Please test and report results in bug #201009.

Changed in mysql-dfsg-5.0:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.38-0ubuntu1.4

---------------
mysql-dfsg-5.0 (5.0.38-0ubuntu1.4) feisty-security; urgency=low

  * no change build for -security upload

mysql-dfsg-5.0 (5.0.38-0ubuntu1.3) feisty-proposed; urgency=low

  * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
    handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
  * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
  * debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
    length of input (LP: #186978).
  * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
    DEFINER VIEW and ALTER VIEW statements
  * debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
    is non-NULL in sql_view.cc (LP: #185039)
  * debian/patches/99_view_fix-now.dpatch: update view.test and view.result to
    use a static year instead of now(). These tests are not part of the build
    but helps with qa-regression-testing
  * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
    routines
  * debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
    when returning from stored routine by performing privilege checks in the
    execution stage rather than the parsing stage. (LP: #172260)
  * References
    CVE-2008-0226
    CVE-2008-0227
    CVE-2007-6303
    CVE-2007-2692
    http://bugs.mysql.com/bug.php?id=27337

 -- Jamie Strandboge <email address hidden> Wed, 19 Mar 2008 15:17:20 -0400

Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :
Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Hew McLachlan (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so an SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in mysql-dfsg-4.1:
status: New → Won't Fix
Changed in mysql-dfsg:
status: New → Won't Fix
Saivann Carignan (oxmosys) wrote :

Dapper has not been supported since July 2009, so I am marking the Dapper status as Invalid.

Changed in mysql-dfsg-4.1 (Ubuntu Dapper):
status: New → Invalid
Changed in mysql-dfsg (Ubuntu Dapper):
status: New → Invalid
This report contains Public Security information
Everyone can see this security related information.
