Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2011:012 ] mysql
From: security () mandriva com
Date: Mon, 17 Jan 2011 21:02:01 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:012
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : January 17, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in mysql:
 
 storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before
 5.1.49 allows remote authenticated users to cause a denial of service
 (assertion failure) by modifying the (1) innodb_file_format or (2)
 innodb_file_per_table configuration parameters for the InnoDB storage
 engine, then executing a DDL statement (CVE-2010-3676).
 
 MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
 authenticated users to cause a denial of service (mysqld daemon
 crash) via a join query that uses a table with a unique SET column
 (CVE-2010-3677).
 
 MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
 a denial of service (crash) via (1) IN or (2) CASE operations with
 NULL arguments that are explicitly specified or indirectly provided
 by the WITH ROLLUP modifier (CVE-2010-3678).
 
 MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
 a denial of service (mysqld daemon crash) via certain arguments to
 the BINLOG command, which triggers an access of uninitialized memory,
 as demonstrated by valgrind (CVE-2010-3679).
 
 MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
 a denial of service (mysqld daemon crash) by creating temporary
 tables while using InnoDB, which triggers an assertion failure
 (CVE-2010-3680).
 
 MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
 authenticated users to cause a denial of service (mysqld daemon
 crash) by using the HANDLER interface and performing alternate reads
 from two indexes on a table, which triggers an assertion failure
 (CVE-2010-3681).
 
 MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
 authenticated users to cause a denial of service (mysqld daemon crash)
 by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY \(SELECT
 ... WHERE ...\)" statements, which triggers a NULL pointer dereference
 in the Item_singlerow_subselect::store function (CVE-2010-3682).
 
 MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when
 a LOAD DATA INFILE request generates SQL errors, which allows remote
 authenticated users to cause a denial of service (mysqld daemon crash)
 via a crafted request (CVE-2010-3683).
 
 The updated packages have been upgraded to the latest (last) stable
 5.1 release (5.1.54) to address these issues for both Mandriva Linux
 2010.0 and 2010.2.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3676
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
 http://www.mysql.com/support/eol-notice.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 686ff6ab1037be9055b963c0da868c5a  2010.0/i586/libmysql16-5.1.54-0.1mdv2010.0.i586.rpm
 d21f5354b7a1137331b72ac8c01b65d1  2010.0/i586/libmysql-devel-5.1.54-0.1mdv2010.0.i586.rpm
 7380f13c75cd45dc7a4cab7500e76a7d  2010.0/i586/libmysql-static-devel-5.1.54-0.1mdv2010.0.i586.rpm
 fff29fa545c7e13c9dc73562f1a791b7  2010.0/i586/mysql-5.1.54-0.1mdv2010.0.i586.rpm
 3297cd90c967f1f962dfc7fea86aac8e  2010.0/i586/mysql-bench-5.1.54-0.1mdv2010.0.i586.rpm
 5ad1ecb0d6c1c23bb942463c94a85d47  2010.0/i586/mysql-client-5.1.54-0.1mdv2010.0.i586.rpm
 b31d77434db4049124c0ec0b6a2bcc7d  2010.0/i586/mysql-common-5.1.54-0.1mdv2010.0.i586.rpm
 619b1912a74fd2afa25cd3da86e72d04  2010.0/i586/mysql-common-core-5.1.54-0.1mdv2010.0.i586.rpm
 d93e4ed4822e6129cb49a3b1ea571c85  2010.0/i586/mysql-core-5.1.54-0.1mdv2010.0.i586.rpm
 f57f82b2bf007b41084ae40fb8efe4b4  2010.0/i586/mysql-doc-5.1.54-0.1mdv2010.0.i586.rpm
 2cf147d708c9389e9c7fd1333ae4ec59  2010.0/i586/mysql-max-5.1.54-0.1mdv2010.0.i586.rpm
 f943f6be18cc94174ebcff0b38912235  2010.0/i586/mysql-ndb-extra-5.1.54-0.1mdv2010.0.i586.rpm
 a5046d568ef2784e9dab8fdfb0844e5b  2010.0/i586/mysql-ndb-management-5.1.54-0.1mdv2010.0.i586.rpm
 2ca5966b89add7a0c1fd45d24ea46e68  2010.0/i586/mysql-ndb-storage-5.1.54-0.1mdv2010.0.i586.rpm
 6ce6e0ce63deba613978b9e1f250dbda  2010.0/i586/mysql-ndb-tools-5.1.54-0.1mdv2010.0.i586.rpm 
 5324dc97841f5cec84a6616480754af5  2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 c3447fdfd64da373d4953ec3b661c1c9  2010.0/x86_64/lib64mysql16-5.1.54-0.1mdv2010.0.x86_64.rpm
 30d5d8de87063a13bbfb8378b3bb6fb9  2010.0/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
 412bd3ffd06d513efea926d92943d784  2010.0/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
 38d7840bcf97600cce12b29c83cd40e0  2010.0/x86_64/mysql-5.1.54-0.1mdv2010.0.x86_64.rpm
 47f562cbfbf5cb23ccaec63e264a8c8f  2010.0/x86_64/mysql-bench-5.1.54-0.1mdv2010.0.x86_64.rpm
 80d9559b2a6c8fc4f2579d3413ff8b0c  2010.0/x86_64/mysql-client-5.1.54-0.1mdv2010.0.x86_64.rpm
 a7e714560f74258e7a9f1e6774759ef2  2010.0/x86_64/mysql-common-5.1.54-0.1mdv2010.0.x86_64.rpm
 a4a5d91865a4c86f252993ec8030a8cf  2010.0/x86_64/mysql-common-core-5.1.54-0.1mdv2010.0.x86_64.rpm
 271b2e32d1143923fec7add90fb56b0f  2010.0/x86_64/mysql-core-5.1.54-0.1mdv2010.0.x86_64.rpm
 04430eca656a618b4e509f9fbe7a3848  2010.0/x86_64/mysql-doc-5.1.54-0.1mdv2010.0.x86_64.rpm
 8d8679eb10880e3ecd683be974a7289f  2010.0/x86_64/mysql-max-5.1.54-0.1mdv2010.0.x86_64.rpm
 a1254ba2abc8ac1686f29236f6f59b2e  2010.0/x86_64/mysql-ndb-extra-5.1.54-0.1mdv2010.0.x86_64.rpm
 8c80ba5223247605844b19a8a5ec6cc4  2010.0/x86_64/mysql-ndb-management-5.1.54-0.1mdv2010.0.x86_64.rpm
 8b212ceeb5ff305da7c9cbfcc3eb3bde  2010.0/x86_64/mysql-ndb-storage-5.1.54-0.1mdv2010.0.x86_64.rpm
 90761e3010c02fabe981c94b062240b1  2010.0/x86_64/mysql-ndb-tools-5.1.54-0.1mdv2010.0.x86_64.rpm 
 5324dc97841f5cec84a6616480754af5  2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 a730b66d0f60a3ae797cfd1508573e14  2010.1/i586/libmysql16-5.1.54-0.1mdv2010.2.i586.rpm
 4db227ee520cc8fa2756cca5102c136f  2010.1/i586/libmysql-devel-5.1.54-0.1mdv2010.2.i586.rpm
 4fa187bf89c62a0b88b2614ccefd9b14  2010.1/i586/libmysql-static-devel-5.1.54-0.1mdv2010.2.i586.rpm
 5755eb749663381170e8776e8bc5a6ab  2010.1/i586/mysql-5.1.54-0.1mdv2010.2.i586.rpm
 54f5b5ca8145c1b3427a99374b3d7966  2010.1/i586/mysql-bench-5.1.54-0.1mdv2010.2.i586.rpm
 ca7475819312d72b58c8e80605f3a9d0  2010.1/i586/mysql-client-5.1.54-0.1mdv2010.2.i586.rpm
 77bf12591d85ce2a20ff01f60143ec2e  2010.1/i586/mysql-common-5.1.54-0.1mdv2010.2.i586.rpm
 d84835654b3c7ea383eb7522c0b42168  2010.1/i586/mysql-common-core-5.1.54-0.1mdv2010.2.i586.rpm
 a99914d27081cd012d8d84c931bb9f8b  2010.1/i586/mysql-core-5.1.54-0.1mdv2010.2.i586.rpm
 f60c297e866c86b5380a239f7ac4ecda  2010.1/i586/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.i586.rpm
 f8358bb5e71e3a7aa16ba21b494bb0d7  2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.i586.rpm
 acbe66b8e8e3f908293df4245c17b2fd  2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.2.i586.rpm
 48af02184d67efb8102b1cc95e05a04a  2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.i586.rpm 
 c759186cfea5fc30e40cb3c478db040b  2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 85ac66bedb992414bac140032eb47ed1  2010.1/x86_64/lib64mysql16-5.1.54-0.1mdv2010.2.x86_64.rpm
 e85bd21971ca794e95bb9f541a3511cc  2010.1/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
 b1c5ce8655927dd256fcd41c1bbdf0fc  2010.1/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
 5784ccf8aa36e5000edc04150beee1cf  2010.1/x86_64/mysql-5.1.54-0.1mdv2010.2.x86_64.rpm
 54ab31208fc60287f6b8fca8ede588e3  2010.1/x86_64/mysql-bench-5.1.54-0.1mdv2010.2.x86_64.rpm
 92c29d677050756b9eb98cab809716cb  2010.1/x86_64/mysql-client-5.1.54-0.1mdv2010.2.x86_64.rpm
 02219be1589f879e7c3a270bcf1764c9  2010.1/x86_64/mysql-common-5.1.54-0.1mdv2010.2.x86_64.rpm
 331dda5c7e2495db7a7422ebc4d3766c  2010.1/x86_64/mysql-common-core-5.1.54-0.1mdv2010.2.x86_64.rpm
 0fb4c6c0206dd361b485343a63f38597  2010.1/x86_64/mysql-core-5.1.54-0.1mdv2010.2.x86_64.rpm
 55e606e6edd8e79e878d5da3dd4161c0  2010.1/x86_64/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.x86_64.rpm
 710964319335515700860f6ac3a856e1  2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.x86_64.rpm
 3aad9d71ce8730d504ede7eb465584b8  2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.2.x86_64.rpm
 89803a2b93fefa5630b5442750e08d87  2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.x86_64.rpm 
 c759186cfea5fc30e40cb3c478db040b  2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNNHO+mqjQ0CJFipgRAm6EAKDG2iqE1+/8+QNft7mDIH4UbSCXPwCg6TIL
1CH1mHh9jS/cq2pmqKpMTNw=
=8MY+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2011:012 ] mysql security (Jan 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]