BugTraq
[ MDVSA-2011:012 ] mysql Jan 17 2011 08:02PM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:012
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : January 17, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in mysql:

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before
5.1.49 allows remote authenticated users to cause a denial of service
(assertion failure) by modifying the (1) innodb_file_format or (2)
innodb_file_per_table configuration parameters for the InnoDB storage
engine, then executing a DDL statement (CVE-2010-3676).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon
crash) via a join query that uses a table with a unique SET column
(CVE-2010-3677).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (crash) via (1) IN or (2) CASE operations with
NULL arguments that are explicitly specified or indirectly provided
by the WITH ROLLUP modifier (CVE-2010-3678).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (mysqld daemon crash) via certain arguments to
the BINLOG command, which triggers an access of uninitialized memory,
as demonstrated by valgrind (CVE-2010-3679).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by creating temporary
tables while using InnoDB, which triggers an assertion failure
(CVE-2010-3680).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
authenticated users to cause a denial of service (mysqld daemon
crash) by using the HANDLER interface and performing alternate reads
from two indexes on a table, which triggers an assertion failure
(CVE-2010-3681).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY \(SELECT
... WHERE ...\)" statements, which triggers a NULL pointer dereference
in the Item_singlerow_subselect::store function (CVE-2010-3682).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when
a LOAD DATA INFILE request generates SQL errors, which allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a crafted request (CVE-2010-3683).

The updated packages have been upgraded to the latest (last) stable
5.1 release (5.1.54) to address these issues for both Mandriva Linux
2010.0 and 2010.2.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
http://www.mysql.com/support/eol-notice.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
686ff6ab1037be9055b963c0da868c5a 2010.0/i586/libmysql16-5.1.54-0.1mdv2010.0.i586.rpm
d21f5354b7a1137331b72ac8c01b65d1 2010.0/i586/libmysql-devel-5.1.54-0.1mdv2010.0.i586.rpm
7380f13c75cd45dc7a4cab7500e76a7d 2010.0/i586/libmysql-static-devel-5.1.54-0.1mdv2010.0.i586.rpm
fff29fa545c7e13c9dc73562f1a791b7 2010.0/i586/mysql-5.1.54-0.1mdv2010.0.i586.rpm
3297cd90c967f1f962dfc7fea86aac8e 2010.0/i586/mysql-bench-5.1.54-0.1mdv2010.0.i586.rpm
5ad1ecb0d6c1c23bb942463c94a85d47 2010.0/i586/mysql-client-5.1.54-0.1mdv2010.0.i586.rpm
b31d77434db4049124c0ec0b6a2bcc7d 2010.0/i586/mysql-common-5.1.54-0.1mdv2010.0.i586.rpm
619b1912a74fd2afa25cd3da86e72d04 2010.0/i586/mysql-common-core-5.1.54-0.1mdv2010.0.i586.rpm
d93e4ed4822e6129cb49a3b1ea571c85 2010.0/i586/mysql-core-5.1.54-0.1mdv2010.0.i586.rpm
f57f82b2bf007b41084ae40fb8efe4b4 2010.0/i586/mysql-doc-5.1.54-0.1mdv2010.0.i586.rpm
2cf147d708c9389e9c7fd1333ae4ec59 2010.0/i586/mysql-max-5.1.54-0.1mdv2010.0.i586.rpm
f943f6be18cc94174ebcff0b38912235 2010.0/i586/mysql-ndb-extra-5.1.54-0.1mdv2010.0.i586.rpm
a5046d568ef2784e9dab8fdfb0844e5b 2010.0/i586/mysql-ndb-management-5.1.54-0.1mdv2010.0.i586.rpm
2ca5966b89add7a0c1fd45d24ea46e68 2010.0/i586/mysql-ndb-storage-5.1.54-0.1mdv2010.0.i586.rpm
6ce6e0ce63deba613978b9e1f250dbda 2010.0/i586/mysql-ndb-tools-5.1.54-0.1mdv2010.0.i586.rpm
5324dc97841f5cec84a6616480754af5 2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
c3447fdfd64da373d4953ec3b661c1c9 2010.0/x86_64/lib64mysql16-5.1.54-0.1mdv2010.0.x86_64.rpm
30d5d8de87063a13bbfb8378b3bb6fb9 2010.0/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
412bd3ffd06d513efea926d92943d784 2010.0/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
38d7840bcf97600cce12b29c83cd40e0 2010.0/x86_64/mysql-5.1.54-0.1mdv2010.0.x86_64.rpm
47f562cbfbf5cb23ccaec63e264a8c8f 2010.0/x86_64/mysql-bench-5.1.54-0.1mdv2010.0.x86_64.rpm
80d9559b2a6c8fc4f2579d3413ff8b0c 2010.0/x86_64/mysql-client-5.1.54-0.1mdv2010.0.x86_64.rpm
a7e714560f74258e7a9f1e6774759ef2 2010.0/x86_64/mysql-common-5.1.54-0.1mdv2010.0.x86_64.rpm
a4a5d91865a4c86f252993ec8030a8cf 2010.0/x86_64/mysql-common-core-5.1.54-0.1mdv2010.0.x86_64.rpm
271b2e32d1143923fec7add90fb56b0f 2010.0/x86_64/mysql-core-5.1.54-0.1mdv2010.0.x86_64.rpm
04430eca656a618b4e509f9fbe7a3848 2010.0/x86_64/mysql-doc-5.1.54-0.1mdv2010.0.x86_64.rpm
8d8679eb10880e3ecd683be974a7289f 2010.0/x86_64/mysql-max-5.1.54-0.1mdv2010.0.x86_64.rpm
a1254ba2abc8ac1686f29236f6f59b2e 2010.0/x86_64/mysql-ndb-extra-5.1.54-0.1mdv2010.0.x86_64.rpm
8c80ba5223247605844b19a8a5ec6cc4 2010.0/x86_64/mysql-ndb-management-5.1.54-0.1mdv2010.0.x86_64.rpm
8b212ceeb5ff305da7c9cbfcc3eb3bde 2010.0/x86_64/mysql-ndb-storage-5.1.54-0.1mdv2010.0.x86_64.rpm
90761e3010c02fabe981c94b062240b1 2010.0/x86_64/mysql-ndb-tools-5.1.54-0.1mdv2010.0.x86_64.rpm
5324dc97841f5cec84a6616480754af5 2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
a730b66d0f60a3ae797cfd1508573e14 2010.1/i586/libmysql16-5.1.54-0.1mdv2010.2.i586.rpm
4db227ee520cc8fa2756cca5102c136f 2010.1/i586/libmysql-devel-5.1.54-0.1mdv2010.2.i586.rpm
4fa187bf89c62a0b88b2614ccefd9b14 2010.1/i586/libmysql-static-devel-5.1.54-0.1mdv2010.2.i586.rpm
5755eb749663381170e8776e8bc5a6ab 2010.1/i586/mysql-5.1.54-0.1mdv2010.2.i586.rpm
54f5b5ca8145c1b3427a99374b3d7966 2010.1/i586/mysql-bench-5.1.54-0.1mdv2010.2.i586.rpm
ca7475819312d72b58c8e80605f3a9d0 2010.1/i586/mysql-client-5.1.54-0.1mdv2010.2.i586.rpm
77bf12591d85ce2a20ff01f60143ec2e 2010.1/i586/mysql-common-5.1.54-0.1mdv2010.2.i586.rpm
d84835654b3c7ea383eb7522c0b42168 2010.1/i586/mysql-common-core-5.1.54-0.1mdv2010.2.i586.rpm
a99914d27081cd012d8d84c931bb9f8b 2010.1/i586/mysql-core-5.1.54-0.1mdv2010.2.i586.rpm
f60c297e866c86b5380a239f7ac4ecda 2010.1/i586/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.i586.rpm
f8358bb5e71e3a7aa16ba21b494bb0d7 2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.i586.rpm
acbe66b8e8e3f908293df4245c17b2fd 2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.2.i586.rpm
48af02184d67efb8102b1cc95e05a04a 2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.i586.rpm
c759186cfea5fc30e40cb3c478db040b 2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
85ac66bedb992414bac140032eb47ed1 2010.1/x86_64/lib64mysql16-5.1.54-0.1mdv2010.2.x86_64.rpm
e85bd21971ca794e95bb9f541a3511cc 2010.1/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
b1c5ce8655927dd256fcd41c1bbdf0fc 2010.1/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
5784ccf8aa36e5000edc04150beee1cf 2010.1/x86_64/mysql-5.1.54-0.1mdv2010.2.x86_64.rpm
54ab31208fc60287f6b8fca8ede588e3 2010.1/x86_64/mysql-bench-5.1.54-0.1mdv2010.2.x86_64.rpm
92c29d677050756b9eb98cab809716cb 2010.1/x86_64/mysql-client-5.1.54-0.1mdv2010.2.x86_64.rpm
02219be1589f879e7c3a270bcf1764c9 2010.1/x86_64/mysql-common-5.1.54-0.1mdv2010.2.x86_64.rpm
331dda5c7e2495db7a7422ebc4d3766c 2010.1/x86_64/mysql-common-core-5.1.54-0.1mdv2010.2.x86_64.rpm
0fb4c6c0206dd361b485343a63f38597 2010.1/x86_64/mysql-core-5.1.54-0.1mdv2010.2.x86_64.rpm
55e606e6edd8e79e878d5da3dd4161c0 2010.1/x86_64/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.x86_64.rpm
710964319335515700860f6ac3a856e1 2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.x86_64.rpm
3aad9d71ce8730d504ede7eb465584b8 2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.2.x86_64.rpm
89803a2b93fefa5630b5442750e08d87 2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.x86_64.rpm
c759186cfea5fc30e40cb3c478db040b 2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNNHO+mqjQ0CJFipgRAm6EAKDG2iqE1+/8+QNft7mDIH4UbSCXPwCg6TIL
1CH1mHh9jS/cq2pmqKpMTNw=
=8MY+
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus