[USN-897-1] MySQL vulnerabilities

By | 2010/02/10

The following security announcement applies to mysql-server. If you have mysql-server installed, please see below for details on the vulnerability and instructions on patching your system:

It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the DATA
DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks.
This update alters table creation behaviour by disallowing the use of the
MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This
issue only affected Ubuntu 8.10. (CVE-2008-4098)

It was discovered that MySQL contained a cross-site scripting vulnerability
in the command-line client when the –html option is enabled. An attacker
could place arbitrary web script or html in a database cell, which would
then get placed in the html document output by the command-line tool. This
issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.
(CVE-2008-4456)

It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use symlinks
combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly
bypass privilege checks. This issue only affected Ubuntu 9.10.
(CVE-2008-7247)

It was discovered that MySQL contained multiple format string flaws when
logging database creation and deletion. An authenticated user could use
specially crafted database names to make MySQL crash, causing a denial of
service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.
(CVE-2009-2446)

It was discovered that MySQL incorrectly handled errors when performing
certain SELECT statements, and did not preserve correct flags when
performing statements that use the GeomFromWKB function. An authenticated
user could exploit this to make MySQL crash, causing a denial of service.
(CVE-2009-4019)

It was discovered that MySQL incorrectly checked symlinks when using the
DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks
to create tables that pointed to tables known to be created at a later
time, bypassing access restrictions. (CVE-2009-4030)

It was discovered that MySQL contained a buffer overflow when parsing
ssl certificates. A remote attacker could send crafted requests and cause a
denial of service or possibly execute arbitrary code. This issue did not
affect Ubuntu 6.06 LTS and the default compiler options for affected
releases should reduce the vulnerability to a denial of service. In the
default installation, attackers would also be isolated by the AppArmor
MySQL profile. (CVE-2009-4484)

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.