Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDVSA-2010:155-1 ] mysql
From: security () mandriva com
Date: Mon, 08 Nov 2010 18:27:01 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2010:155-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : November 8, 2010
 Affected: 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in mysql:
 
 MySQL before 5.1.48 allows remote authenticated users with alter
 database privileges to cause a denial of service (server crash
 and database loss) via an ALTER DATABASE command with a #mysql50#
 string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
 similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
 causes MySQL to move certain directories to the server data directory
 (CVE-2010-2008).
 
 Additionally many security issues noted in the 5.1.49 release notes
 has been addressed with this advisory as well, such as:
 
 * LOAD DATA INFILE did not check for SQL errors and sent an OK packet
 even when errors were already reported. Also, an assert related to
 client-server protocol checking in debug servers sometimes was raised
 when it should not have been. (Bug#52512) (CVE-2010-3683)
 
 * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
 BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
 (CVE-2010-3682)
 
 * The server could crash if there were alternate reads from two indexes
 on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)
 
 * A malformed argument to the BINLOG statement could result in Valgrind
 warnings or a server crash. (Bug#54393) (CVE-2010-3679)
 
 * Incorrect handling of NULL arguments could lead to a crash for IN()
 or CASE operations when NULL arguments were either passed explicitly
 as arguments (for IN()) or implicitly generated by the WITH ROLLUP
 modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
 
 * Joins involving a table with with a unique SET column could cause
 a server crash. (Bug#54575) (CVE-2010-3677)
 
 * Use of TEMPORARY  InnoDB tables with nullable columns could cause
 a server crash. (Bug#54044) (CVE-2010-3680)
 
 The updated packages have been patched to correct these issues.

 Update:

 Packages for 2009.1 was not provided with the MDVSA-2010:155
 advisory. This advisory provides the missing packages.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
 http://bugs.mysql.com/bug.php?id=52512
 http://bugs.mysql.com/bug.php?id=52711
 http://bugs.mysql.com/bug.php?id=54007
 http://bugs.mysql.com/bug.php?id=54393
 http://bugs.mysql.com/bug.php?id=54477
 http://bugs.mysql.com/bug.php?id=54575
 http://bugs.mysql.com/bug.php?id=54044
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 adfd92c6e4de06c22f7066b3880c7256  2009.1/i586/libmysql16-5.1.42-0.6mdv2009.1.i586.rpm
 5961a072e203925f3e85895e71c6d114  2009.1/i586/libmysql-devel-5.1.42-0.6mdv2009.1.i586.rpm
 87b2fb4508b2574b9610549cffe5d641  2009.1/i586/libmysql-static-devel-5.1.42-0.6mdv2009.1.i586.rpm
 0bb6bc8032660f9441595a897e5e37c2  2009.1/i586/mysql-5.1.42-0.6mdv2009.1.i586.rpm
 aa383ed18610327d12846a66d6d8b5bd  2009.1/i586/mysql-bench-5.1.42-0.6mdv2009.1.i586.rpm
 5abcaf797500228df411a10e9c1dd5a0  2009.1/i586/mysql-client-5.1.42-0.6mdv2009.1.i586.rpm
 883b4e34ece270efb56c2eaa60a3a5f0  2009.1/i586/mysql-common-5.1.42-0.6mdv2009.1.i586.rpm
 9fb48d28f8df4cb00aea4362837d2c3f  2009.1/i586/mysql-doc-5.1.42-0.6mdv2009.1.i586.rpm
 67c086070030addfd770cc4d4c3db6bf  2009.1/i586/mysql-max-5.1.42-0.6mdv2009.1.i586.rpm
 51e5a59f9aca3d05bbfb9a036f90ea54  2009.1/i586/mysql-ndb-extra-5.1.42-0.6mdv2009.1.i586.rpm
 d3da22f20148d43a625f3715f1d02be7  2009.1/i586/mysql-ndb-management-5.1.42-0.6mdv2009.1.i586.rpm
 a1d895e569730d42bed74d2b3b54ee0e  2009.1/i586/mysql-ndb-storage-5.1.42-0.6mdv2009.1.i586.rpm
 9db83e6bd1b332ed2bcfa55c3d1cbf11  2009.1/i586/mysql-ndb-tools-5.1.42-0.6mdv2009.1.i586.rpm 
 39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 81c56209ceffc1c4a8718beed142e0bd  2009.1/x86_64/lib64mysql16-5.1.42-0.6mdv2009.1.x86_64.rpm
 fca597b87c3f7d5d5ca40f6c24afe2c3  2009.1/x86_64/lib64mysql-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
 8287471cd70b341806f7e72a16222e68  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
 5f4a264351859a08b259178c7fb6709e  2009.1/x86_64/mysql-5.1.42-0.6mdv2009.1.x86_64.rpm
 d5fd6ed95e52ffa75055b2e23ea880e1  2009.1/x86_64/mysql-bench-5.1.42-0.6mdv2009.1.x86_64.rpm
 2621cfecdf4b53bfe363d99a9225ca31  2009.1/x86_64/mysql-client-5.1.42-0.6mdv2009.1.x86_64.rpm
 1960228ef94d993486ab73a58323cc3e  2009.1/x86_64/mysql-common-5.1.42-0.6mdv2009.1.x86_64.rpm
 dd4821845d060dd6dac38217cc8cac66  2009.1/x86_64/mysql-doc-5.1.42-0.6mdv2009.1.x86_64.rpm
 65432b5801c2ac0b4f2c536a816bc06d  2009.1/x86_64/mysql-max-5.1.42-0.6mdv2009.1.x86_64.rpm
 3cf458db3d034e5998bccb70c006b71a  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2009.1.x86_64.rpm
 dea28a0be7cfcd99d942ce22f7999308  2009.1/x86_64/mysql-ndb-management-5.1.42-0.6mdv2009.1.x86_64.rpm
 45329f869ffee6b497ad73da0a81019f  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2009.1.x86_64.rpm
 72e2f6029c889723d0f003ffdbf007d1  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2009.1.x86_64.rpm 
 39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2AekmqjQ0CJFipgRAqwGAJ0dZsRuXRZ1OfiVCwbWUNj3i3zo4ACgwnsn
aN2rtXXq0VzlsNd0DLVdRvw=
=/o8P
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:155-1 ] mysql security (Nov 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]