A MySQL security update is available for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-109-1 April 06, 2005
mysql-dfsg vulnerability
CAN-2004-0957
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:
"If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)"
Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.5.diff.gz
Size/MD5: 176049 5327f1a5d1a3827fba4f33d7292e1b41
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.5.dsc
Size/MD5: 892 a5317ab608e8c23ad3363b4d7fe96ba9
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4
.0.20-2ubuntu1.5_all.deb
Size/MD5: 24778 2a297ce189a18851dd5a7423f25d905e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 2810714 7869e26ba1893de1feb7633f409a90da
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 304846 86393fa9f4ecae507b17707f5e3a8eaf
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 422898 67670eeeddad130ecca1045a2f9e67fd
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 3577760 8357127a732b5592d3642fc9314b7154
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_i386.deb
Size/MD5: 2774158 dabd78b39cf3a747206b3e8dd09d18d0
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_i386.deb
Size/MD5: 287792 3b4dc6eacf77df5cbe9cfba2b1c75627
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_i386.deb
Size/MD5: 396908 9320dccff0733303d388deb406695ff4
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_i386.deb
Size/MD5: 3486994 7e68be99e0161424dd2f42193824b613
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 3110200 ec39921634e29dad12e91752936b7b04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 308470 961a07fe56d137daebb7b1c13959efc1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 452296 8dedc6992b4f66fcd33f34bf84494490
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 3770438 782e8cfddf512c4ca31d4949fab25da4
===========================================================
Ubuntu Security Notice USN-109-1 April 06, 2005
mysql-dfsg vulnerability
CAN-2004-0957
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mysql-server
The problem can be corrected by upgrading the affected package to version 4.0.20-2ubuntu1.5. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-32-1 fixed a database privilege escalation vulnerability; original advisory text:
"If a user was granted privileges to a database with a name containing an underscore ("_"), the user also gained the ability to grant privileges to other databases with similar names. (CAN-2004-0957)"
Recently a corner case was discovered where this vulnerability can still be exploited, so another update is necessary.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.5.diff.gz
Size/MD5: 176049 5327f1a5d1a3827fba4f33d7292e1b41
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20-2ubuntu1.5.dsc
Size/MD5: 892 a5317ab608e8c23ad3363b4d7fe96ba9
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0
.20.orig.tar.gz
Size/MD5: 9760117 f092867f6df2f50b34b8065312b9fb2b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4
.0.20-2ubuntu1.5_all.deb
Size/MD5: 24778 2a297ce189a18851dd5a7423f25d905e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 2810714 7869e26ba1893de1feb7633f409a90da
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 304846 86393fa9f4ecae507b17707f5e3a8eaf
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 422898 67670eeeddad130ecca1045a2f9e67fd
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_amd64.deb
Size/MD5: 3577760 8357127a732b5592d3642fc9314b7154
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_i386.deb
Size/MD5: 2774158 dabd78b39cf3a747206b3e8dd09d18d0
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_i386.deb
Size/MD5: 287792 3b4dc6eacf77df5cbe9cfba2b1c75627
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_i386.deb
Size/MD5: 396908 9320dccff0733303d388deb406695ff4
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_i386.deb
Size/MD5: 3486994 7e68be99e0161424dd2f42193824b613
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
-dev_4.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 3110200 ec39921634e29dad12e91752936b7b04
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient
12_4.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 308470 961a07fe56d137daebb7b1c13959efc1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4
.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 452296 8dedc6992b4f66fcd33f34bf84494490
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4
.0.20-2ubuntu1.5_powerpc.deb
Size/MD5: 3770438 782e8cfddf512c4ca31d4949fab25da4