Ubuntu alert USN-109-1 (mysql)

From:
    	       Martin Pitt <martin.pitt@canonical.com>
To:
    	       ubuntu-security-announce@lists.ubuntu.com
Subject:
    	       [USN-109-1] MySQL vulnerability
Date:
    	       Wed, 6 Apr 2005 12:49:33 +0200
Cc:
    	       full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
===========================================================
Ubuntu Security Notice USN-109-1	     April 06, 2005
mysql-dfsg vulnerability
CAN-2004-0957
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mysql-server

The problem can be corrected by upgrading the affected package to
version 4.0.20-2ubuntu1.5.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-32-1 fixed a database privilege escalation vulnerability; original
advisory text:

  "If a user was granted privileges to a database with a name
  containing an underscore ("_"), the user also gained the ability to
  grant privileges to other databases with similar names.
  (CAN-2004-0957)"

Recently a corner case was discovered where this vulnerability can
still be exploited, so another update is necessary. 

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   176049 5327f1a5d1a3827fba4f33d7292e1b41

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:      892 a5317ab608e8c23ad3363b4d7fe96ba9

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  9760117 f092867f6df2f50b34b8065312b9fb2b

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:    24778 2a297ce189a18851dd5a7423f25d905e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  2810714 7869e26ba1893de1feb7633f409a90da

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   304846 86393fa9f4ecae507b17707f5e3a8eaf

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   422898 67670eeeddad130ecca1045a2f9e67fd

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  3577760 8357127a732b5592d3642fc9314b7154

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  2774158 dabd78b39cf3a747206b3e8dd09d18d0

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   287792 3b4dc6eacf77df5cbe9cfba2b1c75627

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   396908 9320dccff0733303d388deb406695ff4

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  3486994 7e68be99e0161424dd2f42193824b613

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  3110200 ec39921634e29dad12e91752936b7b04

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   308470 961a07fe56d137daebb7b1c13959efc1

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:   452296 8dedc6992b4f66fcd33f34bf84494490

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/...
      Size/MD5:  3770438 782e8cfddf512c4ca31d4949fab25da4

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...