(RHSA-2011:0164) Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known Binary
(WKB) data, which could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to 100%), if
a stored procedure contained JOIN queries, and that procedure was executed
twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of numeric
and longblob data types to the LEAST or GREATEST function, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,
possibly allowing a remote, authenticated attacker to crash mysqld.
(CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value functions,
such as LEAST and GREATEST, could allow a remote, authenticated attacker to
crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to
send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that
define NULL columns when using the InnoDB storage engine, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the BINLOG
statement caused MySQL to read unassigned memory. A remote, authenticated
attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments to
the query, could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to retrieve
data from a unique SET column could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,
and CVE-2010-3677 only cause a temporary denial of service, as mysqld was
automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL
release notes for a full list of changes:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.