USN-283-1: MySQL vulnerabilities

8 May 2006

mysql-dfsg-4.1, mysql-dfsg vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description

Details

Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
mysql-server
mysql-server-4.1
Ubuntu 5.04
mysql-server
mysql-server-4.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References