[mysql] multiple vulnerabilities

Bug #172260 reported by disabled.user
Affects                    Status        Importance  Assigned to       Milestone
mysql-dfsg (Ubuntu)        Invalid       Unknown     Unassigned
  Dapper                   Invalid       Undecided   Unassigned
  Edgy                     Won't Fix     Undecided   Unassigned
  Feisty                   Invalid       Undecided   Unassigned
  Gutsy                    Invalid       Undecided   Unassigned
  Hardy                    Invalid       Unknown     Unassigned
mysql-dfsg-4.1 (Ubuntu)    Invalid       Undecided   Unassigned
  Dapper                   Invalid       Undecided   Unassigned
  Edgy                     Won't Fix     Undecided   Unassigned
  Feisty                   Invalid       Undecided   Unassigned
  Gutsy                    Invalid       Undecided   Unassigned
  Hardy                    Invalid       Undecided   Unassigned
mysql-dfsg-5.0 (Ubuntu)    Fix Released  Medium      Unassigned
  Dapper                   Fix Released  Medium      Jamie Strandboge
  Edgy                     Fix Released  Medium      Jamie Strandboge
  Feisty                   Fix Released  Medium      Jamie Strandboge
  Gutsy                    Fix Released  Medium      Jamie Strandboge
  Hardy                    Fix Released  Medium      Unassigned
mysql-dfsg-5.0 (tuXlab)    Invalid       Undecided   Unassigned
mysql-dfsg-5.1 (Ubuntu)    Invalid       Undecided   Unassigned
  Dapper                   Invalid       Undecided   Unassigned
  Edgy                     Invalid       Undecided   Unassigned
  Feisty                   Invalid       Undecided   Unassigned
  Gutsy                    Invalid       Undecided   Unassigned
  Hardy                    Invalid       Undecided   Unassigned

Bug Description

References:
[1] DSA-1413-1 (http://www.debian.org/security/2007/dsa-1413)
[2] Bug#163811

Quoting [1]:
"Several vulnerabilities have been found in the MySQL database packages
with implications ranging from unauthorized database modifications to
remotely triggered server crashes."

disabled.user (disabled.user-deactivatedaccount) wrote :

Accidentally chosen tuXlab instead of Ubuntu (!§$"§$ mousewheel...).

Changed in mysql-dfsg-5.0:
status: New → Invalid
disabled.user (disabled.user-deactivatedaccount) wrote :
Changed in mysql-dfsg-5.1:
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

For mysql-dfsg-5.0, the following are fixed in Dapper - Hardy (http://www.ubuntu.com/usn/usn-528-1):
CVE-2007-2583
CVE-2007-2691
CVE-2007-3780
CVE-2007-3782

And these are fixed in Gutsy and Hardy:
CVE-2007-2692
CVE-2007-3781

Jamie Strandboge (jdstrand) wrote :

Updates for CVE-2007-3781, CVE-2007-5925, CVE-2007-5969 are committed.

This leaves CVE-2007-2692 for Dapper -> Feisty

Changed in mysql-dfsg:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Confirmed
assignee: jamie-strandboge → nobody
importance: Medium → Unknown
status: Confirmed → New
Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Confirmed
status: Confirmed → Triaged
Jamie Strandboge (jdstrand) wrote :

Updates are now released for the above CVEs.

Let's leave this bug open for CVE-2007-2692, but please file future CVEs in new reports.

Changed in mysql-dfsg-5.1:
status: New → Invalid
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :
Changed in mysql-dfsg-4.1:
status: New → Invalid
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg-5.0:
status: Triaged → Fix Released
status: New → Fix Released
Changed in mysql-dfsg-5.1:
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg-5.0:
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → jamie-strandboge
importance: Undecided → Medium
Changed in mysql-dfsg:
status: New → Invalid
status: New → Invalid
Changed in mysql-dfsg:
status: New → Invalid
Changed in mysql-dfsg-5.0:
assignee: jamie-strandboge → nobody
Jamie Strandboge (jdstrand) wrote :

STATUS UPDATE

CVE-2007-2692 is not fixed in Debian Etch (and therefore the patch can't be used in Ubuntu releases). DSA-1413 omits part of the patch to sql/sql_db.cc and the test cases. If you use the test cases from http://lists.mysql.com/commits/23650 against Etch, they show that Etch is still vulnerable. MDKSA-2007:243 does not address CVE-2007-2692. Investigating proper fix.

Changed in mysql-dfsg-5.0:
status: Triaged → In Progress
status: Triaged → In Progress
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

This fix is part of a larger update and is available in -proposed. Please test and report results in bug #201009.

Changed in mysql-dfsg-5.0:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.0.38-0ubuntu1.4

---------------
mysql-dfsg-5.0 (5.0.38-0ubuntu1.4) feisty-security; urgency=low

  * no change build for -security upload

mysql-dfsg-5.0 (5.0.38-0ubuntu1.3) feisty-proposed; urgency=low

  * SECURITY UPDATE: buffer overflow via ProcessOldClientHello() in
    handshake.cpp and input_buffer& operator>> in yassl_imp.cpp
  * SECURITY UPDATE: buffer overread in HASHwithTransform::Update in hash.cpp
  * debian/patches/97_SECURITY_CVE-2008-0226_0227.dpatch: properly verify
    length of input (LP: #186978).
  * SECURITY UPDATE: privilege escalation via crafted CREATE SQL SECURITY
    DEFINER VIEW and ALTER VIEW statements
  * debian/patches/98_SECURITY_CVE-2007-6303.dpatch: make sure lex->definer
    is non-NULL in sql_view.cc (LP: #185039)
  * debian/patches/99_view_fix-now.dpatch: update view.test and view.result to
    use a static year instead of now(). These tests are not part of the build
    but help with qa-regression-testing
  * SECURITY UPDATE: privilege escalation via SQL SECURITY INVOKER stored
    routines
  * debian/patches/100_SECURITY_CVE-2007-2692.dpatch: restore THD::db_access
    when returning from stored routine by performing privilege checks in the
    execution stage rather than the parsing stage. (LP: #172260)
  * References
    CVE-2008-0226
    CVE-2008-0227
    CVE-2007-6303
    CVE-2007-2692
    http://bugs.mysql.com/bug.php?id=27337

 -- Jamie Strandboge <email address hidden> Wed, 19 Mar 2008 15:17:20 -0400

Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :
Changed in mysql-dfsg-5.0:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so an SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in mysql-dfsg-4.1:
status: New → Won't Fix
Changed in mysql-dfsg:
status: New → Won't Fix
Saivann Carignan (oxmosys) wrote :

Dapper has not been supported since July 2009; therefore I am marking the Dapper status as Invalid.

Changed in mysql-dfsg-4.1 (Ubuntu Dapper):
status: New → Invalid
Changed in mysql-dfsg (Ubuntu Dapper):
status: New → Invalid
This report contains Public Security information  
Everyone can see this security related information.