[ MDVSA-2010:155-1 ] mysql

2010-11-09T00:00:00
ID SECURITYVULNS:DOC:25096
Type securityvulns
Reporter Securityvulns
Modified 2010-11-09T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2010:155-1 http://www.mandriva.com/security/


Package : mysql Date : November 8, 2010 Affected: 2009.1


Problem Description:

Multiple vulnerabilities has been found and corrected in mysql:

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008).

Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as:

  • LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) (CVE-2010-3683)

  • Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) (CVE-2010-3682)

  • The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

  • A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) (CVE-2010-3679)

  • Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

  • Joins involving a table with with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677)

  • Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update:

Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680 http://bugs.mysql.com/bug.php?id=52512 http://bugs.mysql.com/bug.php?id=52711 http://bugs.mysql.com/bug.php?id=54007 http://bugs.mysql.com/bug.php?id=54393 http://bugs.mysql.com/bug.php?id=54477 http://bugs.mysql.com/bug.php?id=54575 http://bugs.mysql.com/bug.php?id=54044


Updated Packages:

Mandriva Linux 2009.1: adfd92c6e4de06c22f7066b3880c7256 2009.1/i586/libmysql16-5.1.42-0.6mdv2009.1.i586.rpm 5961a072e203925f3e85895e71c6d114 2009.1/i586/libmysql-devel-5.1.42-0.6mdv2009.1.i586.rpm 87b2fb4508b2574b9610549cffe5d641 2009.1/i586/libmysql-static-devel-5.1.42-0.6mdv2009.1.i586.rpm 0bb6bc8032660f9441595a897e5e37c2 2009.1/i586/mysql-5.1.42-0.6mdv2009.1.i586.rpm aa383ed18610327d12846a66d6d8b5bd 2009.1/i586/mysql-bench-5.1.42-0.6mdv2009.1.i586.rpm 5abcaf797500228df411a10e9c1dd5a0 2009.1/i586/mysql-client-5.1.42-0.6mdv2009.1.i586.rpm 883b4e34ece270efb56c2eaa60a3a5f0 2009.1/i586/mysql-common-5.1.42-0.6mdv2009.1.i586.rpm 9fb48d28f8df4cb00aea4362837d2c3f 2009.1/i586/mysql-doc-5.1.42-0.6mdv2009.1.i586.rpm 67c086070030addfd770cc4d4c3db6bf 2009.1/i586/mysql-max-5.1.42-0.6mdv2009.1.i586.rpm 51e5a59f9aca3d05bbfb9a036f90ea54 2009.1/i586/mysql-ndb-extra-5.1.42-0.6mdv2009.1.i586.rpm d3da22f20148d43a625f3715f1d02be7 2009.1/i586/mysql-ndb-management-5.1.42-0.6mdv2009.1.i586.rpm a1d895e569730d42bed74d2b3b54ee0e 2009.1/i586/mysql-ndb-storage-5.1.42-0.6mdv2009.1.i586.rpm 9db83e6bd1b332ed2bcfa55c3d1cbf11 2009.1/i586/mysql-ndb-tools-5.1.42-0.6mdv2009.1.i586.rpm 39c0f1c0030455d78aa1f6c240e78f42 2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64: 81c56209ceffc1c4a8718beed142e0bd 2009.1/x86_64/lib64mysql16-5.1.42-0.6mdv2009.1.x86_64.rpm fca597b87c3f7d5d5ca40f6c24afe2c3 2009.1/x86_64/lib64mysql-devel-5.1.42-0.6mdv2009.1.x86_64.rpm 8287471cd70b341806f7e72a16222e68 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2009.1.x86_64.rpm 5f4a264351859a08b259178c7fb6709e 2009.1/x86_64/mysql-5.1.42-0.6mdv2009.1.x86_64.rpm d5fd6ed95e52ffa75055b2e23ea880e1 2009.1/x86_64/mysql-bench-5.1.42-0.6mdv2009.1.x86_64.rpm 2621cfecdf4b53bfe363d99a9225ca31 2009.1/x86_64/mysql-client-5.1.42-0.6mdv2009.1.x86_64.rpm 1960228ef94d993486ab73a58323cc3e 2009.1/x86_64/mysql-common-5.1.42-0.6mdv2009.1.x86_64.rpm dd4821845d060dd6dac38217cc8cac66 2009.1/x86_64/mysql-doc-5.1.42-0.6mdv2009.1.x86_64.rpm 65432b5801c2ac0b4f2c536a816bc06d 2009.1/x86_64/mysql-max-5.1.42-0.6mdv2009.1.x86_64.rpm 3cf458db3d034e5998bccb70c006b71a 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2009.1.x86_64.rpm dea28a0be7cfcd99d942ce22f7999308 2009.1/x86_64/mysql-ndb-management-5.1.42-0.6mdv2009.1.x86_64.rpm 45329f869ffee6b497ad73da0a81019f 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2009.1.x86_64.rpm 72e2f6029c889723d0f003ffdbf007d1 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2009.1.x86_64.rpm 39c0f1c0030455d78aa1f6c240e78f42 2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2AekmqjQ0CJFipgRAqwGAJ0dZsRuXRZ1OfiVCwbWUNj3i3zo4ACgwnsn aN2rtXXq0VzlsNd0DLVdRvw= =/o8P -----END PGP SIGNATURE-----