=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN142
_____________________________________________________________________

DATE                      : 22/03/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Ubuntu running mysql-server-5.0.

======================================================================

===========================================================
Ubuntu Security Notice USN-440-1             March 21, 2007
mysql-dfsg-5.0 vulnerability
CVE-2007-1420
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
   mysql-server-5.0                         5.0.22-0ubuntu6.06.3

Ubuntu 6.10:
   mysql-server-5.0                         5.0.24a-9ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL
subselect queries using "ORDER BY" could be made to crash the MySQL
server.  An attacker able to issue queries against a MySQL instance
could cause an intermittent denial of service.
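The advisory says a standard system upgrade is sufficient, but an administrator who manages the upgrade by hand (or audits hosts afterwards) wants two checks: is the installed mysql-server-5.0 still older than the fixed version for this release, and does a manually downloaded .deb match the Size/MD5 pair printed in the package list below. The following script is an added example written for this note; it is not part of USN-440-1 or of Ubuntu's tooling. It assumes a Debian-style system where /etc/lsb-release carries DISTRIB_RELEASE and dpkg/dpkg-query are available; the fixed versions are the ones quoted above, and the function and variable names are the author's own.

```shell
#!/bin/sh
# Added example for USN-440-1 (CVE-2007-1420): check the installed
# mysql-server-5.0 version against the fixed version for the running
# Ubuntu release, and verify a downloaded .deb against the advisory's
# Size/MD5 pair. Function names are this example's own, not Ubuntu's.
set -eu

# Fixed package versions, keyed by DISTRIB_RELEASE, as given in the advisory.
fixed_version_for() {
    case "$1" in
        6.06) echo "5.0.22-0ubuntu6.06.3" ;;
        6.10) echo "5.0.24a-9ubuntu0.1" ;;
        *)    return 1 ;;          # release not covered by this advisory
    esac
}

# Installed version of mysql-server-5.0, empty if the package is absent.
installed_version() {
    dpkg-query -W -f='${Version}' mysql-server-5.0 2>/dev/null || true
}

# 0 = installed version is older than the fix (still vulnerable),
# 1 = fixed version or newer, 2 = cannot decide (unknown release / not installed).
# Version ordering is delegated to dpkg, which implements Debian's rules
# (e.g. "5.0.24a" vs "5.0.24", "0ubuntu6.06.3" vs "0ubuntu6.06.2").
needs_update() {
    release=$1; installed=$2
    fixed=$(fixed_version_for "$release") || return 2
    [ -n "$installed" ] || return 2
    if dpkg --compare-versions "$installed" lt "$fixed"; then
        return 0
    else
        return 1
    fi
}

# MD5 of a file; md5sum on Linux, md5 -q on BSD-like systems.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Compare a downloaded package against the "Size/MD5: <size> <md5>" line
# from the advisory. Returns 0 on match, 1 on mismatch, 2 if the file is missing.
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(file_md5 "$file")
    if [ "$have_size" = "$want_size" ] && [ "$have_md5" = "$want_md5" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file: size $have_size (want $want_size), md5 $have_md5 (want $want_md5)" >&2
    return 1
}

# Usage: ./check-usn-440-1.sh [path/to/package.deb expected_size expected_md5]
main() {
    release=$( . /etc/lsb-release 2>/dev/null && echo "${DISTRIB_RELEASE:-}" )
    if needs_update "${release:-unknown}" "$(installed_version)"; then
        echo "mysql-server-5.0 $(installed_version) on Ubuntu $release: UPDATE REQUIRED"
    else
        case $? in
            1) echo "mysql-server-5.0 on Ubuntu $release: fixed version installed" ;;
            *) echo "Ubuntu ${release:-?}: release not in advisory or package not installed" ;;
        esac
    fi
    if [ "$#" -eq 3 ]; then
        verify_deb "$1" "$2" "$3"
    fi
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A caveat on the checksums: the Size/MD5 pairs in the advisory detect a truncated or corrupted download and confirm you fetched the file the notice refers to; they are not what protects against a malicious mirror, since an attacker who can alter the package can alter the copied advisory text as well. Authenticity of the packages comes from apt verifying the archive's signed Release file with the Ubuntu archive key, which is one more reason to prefer the standard upgrade path over hand-installing .deb files.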


Updated packages for Ubuntu 6.06 LTS:

   Source archives:

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.3.diff.gz
       Size/MD5:   127117 30ac47cfd02a983b7ae79232ecd6d86d
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.3.dsc
       Size/MD5:     1107 87d6c9fc492af83f792f56d8f503f94d
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
       Size/MD5: 18446645 2b8f36364373461190126817ec872031

   Architecture independent packages:

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.3_all.deb
       Size/MD5:    37034 2701d0790885aa42c241bb17b1b41ef5
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.3_all.deb
       Size/MD5:    39528 a509b8c2c344a98dd86f86b1f13ea64b
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.3_all.deb
       Size/MD5:    37044 e311eed91778bb39c835ccddd60fd1a0

   amd64 architecture (Athlon64, Opteron, EM64T Xeon)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.3_amd64.deb
       Size/MD5:  6725962 b6c7c1def6e5b15e309f824ba6fa793b
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.3_amd64.deb
       Size/MD5:  1421924 674c5493a510964f740e6d7569f7dd97
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.3_amd64.deb
       Size/MD5:  6895598 4c428dc200331a86bc85c317fb463665
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.3_amd64.deb
       Size/MD5: 22491440 91027f70ca0f03b6c333fe981ba3fd5e

   i386 architecture (x86 compatible Intel/AMD)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.3_i386.deb
       Size/MD5:  6139698 42e296ecc2b93152b2594cf4fdeb4216
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.3_i386.deb
       Size/MD5:  1382384 7e7265bb5c4352f8f2bddf4a96433a0e
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.3_i386.deb
       Size/MD5:  6278074 f628ae4e399fbfb34fe81a2b72fb4e7c
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.3_i386.deb
       Size/MD5: 21347606 6046e9fc069f350f5af1275a6f0a8272

   powerpc architecture (Apple Macintosh G3/G4/G5)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.3_powerpc.deb
       Size/MD5:  6883216 06796f956e20ca9da895808bea26f6e1
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.3_powerpc.deb
       Size/MD5:  1462266 d2ee56898a1fee233b8d8c20c909b676
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.3_powerpc.deb
       Size/MD5:  6939834 fe28ce2853c48654bd2140aff23d7889
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.3_powerpc.deb
       Size/MD5: 22704466 5d8ad9a98c1d2a14c623a5807baff804

   sparc architecture (Sun SPARC/UltraSPARC)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.3_sparc.deb
       Size/MD5:  6431020 5b58831fdbf3372aad024cef8eff877a
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.3_sparc.deb
       Size/MD5:  1434356 8190649eade4c015fc33b95ea104d15b
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.3_sparc.deb
       Size/MD5:  6536406 633c130d5423f13dbd16e10ffdd7ae20
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.3_sparc.deb
       Size/MD5: 21969388 4ad1fc18e42e3dd19c47c481f398e77d

Updated packages for Ubuntu 6.10:

   Source archives:

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a-9ubuntu0.1.diff.gz
       Size/MD5:   134014 c155ec07e0134e5bdca6bdcc3432dacd
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a-9ubuntu0.1.dsc
       Size/MD5:     1103 24797bc52d320f8ad19b6290489827d0
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a.orig.tar.gz
       Size/MD5: 18663598 9641fcc4f34b4a2651d1aabb3b72a971

   Architecture independent packages:

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.24a-9ubuntu0.1_all.deb
       Size/MD5:    39658 7e9876ec5240b71d18fdc2777dd88ab1
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.24a-9ubuntu0.1_all.deb
       Size/MD5:    42284 155cf72aaecceb799cef95998ad6acfc
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.24a-9ubuntu0.1_all.deb
       Size/MD5:    39664 e99922491817b27b959351896eba42e3

   amd64 architecture (Athlon64, Opteron, EM64T Xeon)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu0.1_amd64.deb
       Size/MD5:  7293722 6870de5d88c69721bbea976a8242ceff
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu0.1_amd64.deb
       Size/MD5:  1814772 59f3b1683fbc4ea32e0cbf7293b54d37
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu0.1_amd64.deb
       Size/MD5:  7433528 cb1959bb27157b4fbed6b56301f624ac
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu0.1_amd64.deb
       Size/MD5: 25706768 0d913a87c2f11dc2c04bed33d54322ef

   i386 architecture (x86 compatible Intel/AMD)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu0.1_i386.deb
       Size/MD5:  6812648 f7e57a902c6b3c36d1267e62bb4273bf
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu0.1_i386.deb
       Size/MD5:  1760032 ce2b7d2329c778d7c771a2e76bb65cfc
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu0.1_i386.deb
       Size/MD5:  6955592 12cf5825a5f6e722b767ce57900ff2c8
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu0.1_i386.deb
       Size/MD5: 24937196 de7b60c5ee02963dac87926b469b2dff

   powerpc architecture (Apple Macintosh G3/G4/G5)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu0.1_powerpc.deb
       Size/MD5:  7435012 4a9d53bfe4dfa087d0faece8ef2f315d
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu0.1_powerpc.deb
       Size/MD5:  1809714 3353e911eb57df13bffa3c8c5536b8bb
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu0.1_powerpc.deb
       Size/MD5:  7469760 bdc820d7dbbee1d57933d460fd06fd48
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu0.1_powerpc.deb
       Size/MD5: 26068882 746dba581937e825068465fe6a0c15d1

   sparc architecture (Sun SPARC/UltraSPARC)

 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu0.1_sparc.deb
       Size/MD5:  6942310 6115a20fac831a672e2fdc6d175d5307
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu0.1_sparc.deb
       Size/MD5:  1771126 7567621334849e6705a43b908e2d4e22
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu0.1_sparc.deb
       Size/MD5:  7047828 d61e91960baab71b6ac2cd8d57f66708
 
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu0.1_sparc.deb

======================================================================

            =========================================================
            CERT-Renater reference servers
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================
