Mandriva Linux Security Advisory 2010-155

Posted Aug 21, 2010
Authored by Mandriva

Mandriva Linux Security Advisory 2010-155 - Multiple vulnerabilities have been found and corrected in mysql. MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service. Additionally, many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
SHA-256 | e288379bf95e4e698f11b38bbe44a50ce7be5c11b62da7c35ea9c632e75823e3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:155
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mysql
Date : August 20, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in mysql:

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
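
A detection sketch for the CVE-2010-2008 statement shape described above, added here as an example and not part of the Mandriva advisory or of MySQL. The log lines are constructed and only approximate the general query log layout; the function names and the rule that an empty name is also flagged are assumptions of this example.

```python
import re

# ALTER {DATABASE|SCHEMA} `#mysql50#<name>` UPGRADE DATA DIRECTORY NAME,
# case-insensitive, identifier quoted with backticks or double quotes.
UPGRADE_STMT = re.compile(
    r'ALTER\s+(?:DATABASE|SCHEMA)\s+[`"]#mysql50#(?P<name>[^`"]*)[`"]\s+'
    r'UPGRADE\s+DATA\s+DIRECTORY\s+NAME',
    re.IGNORECASE,
)


def is_traversal_name(name):
    """True if the text after #mysql50# is empty, only dots, or holds a path separator."""
    if name.strip(".") == "":          # "", ".", "..", "..."
        return True
    return "/" in name or "\\" in name  # "../", "..\\", "a/b"


def find_suspicious(lines):
    """Return (line number, offending name) for each matching log line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = UPGRADE_STMT.search(line)
        if match and is_traversal_name(match.group("name")):
            hits.append((lineno, match.group("name")))
    return hits


# Constructed sample input (not taken from a real server).
SAMPLE_LOG = [
    "100820 14:02:11  12 Query  ALTER DATABASE `#mysql50#shop-data` UPGRADE DATA DIRECTORY NAME",
    "100820 14:03:40  15 Query  alter database `#mysql50#.` upgrade data directory name",
    "100820 14:03:41  15 Query  ALTER DATABASE `#mysql50#../` UPGRADE DATA DIRECTORY NAME",
    "100820 14:05:02  12 Query  ALTER DATABASE reports CHARACTER SET utf8",
]

if __name__ == "__main__":
    for lineno, name in find_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: suspicious #mysql50# name {name!r}")
```

The first sample line is the legitimate use of the statement (re-encoding a 5.0-era directory name) and is not flagged; only names that resolve to a directory reference are reported.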

Additionally, many security issues noted in the 5.1.49 release notes
have been addressed with this advisory as well, such as:

* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512)

* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
(SELECT ... WHERE ...) could cause a server crash. (Bug#52711)

* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface. (Bug#54007)

* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393)

* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477)

* Joins involving a table with a unique SET column could cause
a server crash. (Bug#54575)

* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044)

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
http://bugs.mysql.com/bug.php?id=52512
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=54393
http://bugs.mysql.com/bug.php?id=54477
http://bugs.mysql.com/bug.php?id=54575
http://bugs.mysql.com/bug.php?id=54044
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.0:
e0181e6f02a4d75da4844afb468a2272 2010.0/i586/libmysql16-5.1.42-0.6mdv2010.0.i586.rpm
90babf8758412eedecb7eb6c9881d1a9 2010.0/i586/libmysql-devel-5.1.42-0.6mdv2010.0.i586.rpm
217ebcccf4b1af0701bdcf042165be12 2010.0/i586/libmysql-static-devel-5.1.42-0.6mdv2010.0.i586.rpm
6b1a9b256eb1d1449609a9e914f7664e 2010.0/i586/mysql-5.1.42-0.6mdv2010.0.i586.rpm
7add987091592e974e8ae64994c82313 2010.0/i586/mysql-bench-5.1.42-0.6mdv2010.0.i586.rpm
a13c5bb98abb9aba82fb80dcb27e2752 2010.0/i586/mysql-client-5.1.42-0.6mdv2010.0.i586.rpm
8b2847d65735c38458c77153072a281e 2010.0/i586/mysql-common-5.1.42-0.6mdv2010.0.i586.rpm
86567fb759318246336f7077d6c13709 2010.0/i586/mysql-common-core-5.1.42-0.6mdv2010.0.i586.rpm
e8a3c6e59eb5321d13ad1a863465f6ef 2010.0/i586/mysql-core-5.1.42-0.6mdv2010.0.i586.rpm
b54c2338358f35dfb1292d615583ea2a 2010.0/i586/mysql-doc-5.1.42-0.6mdv2010.0.i586.rpm
1b4987ab9f81a4c0cd8e44e2bb2433c4 2010.0/i586/mysql-max-5.1.42-0.6mdv2010.0.i586.rpm
38c17d5f3d550d81dc14f38b7a5dc73d 2010.0/i586/mysql-ndb-extra-5.1.42-0.6mdv2010.0.i586.rpm
75cde53e6cc55176915cdd510419052c 2010.0/i586/mysql-ndb-management-5.1.42-0.6mdv2010.0.i586.rpm
522dd59860efcf76b2ecbd598e1fbba4 2010.0/i586/mysql-ndb-storage-5.1.42-0.6mdv2010.0.i586.rpm
a2fbac8608bd716b13b24644fc4e28c5 2010.0/i586/mysql-ndb-tools-5.1.42-0.6mdv2010.0.i586.rpm
9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
dfa125382cbe6a86a3e2747c40e80556 2010.0/x86_64/lib64mysql16-5.1.42-0.6mdv2010.0.x86_64.rpm
968922e7d30ad10adc07e494df043f65 2010.0/x86_64/lib64mysql-devel-5.1.42-0.6mdv2010.0.x86_64.rpm
6fc264fa829f9e1843bfe1fa2034b7c7 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2010.0.x86_64.rpm
13b2e24a215b63f36eb530b352a67ad3 2010.0/x86_64/mysql-5.1.42-0.6mdv2010.0.x86_64.rpm
e32753015f97d63a4bc07e88d9823250 2010.0/x86_64/mysql-bench-5.1.42-0.6mdv2010.0.x86_64.rpm
c06b10d407d93365d728eacecf54ae2b 2010.0/x86_64/mysql-client-5.1.42-0.6mdv2010.0.x86_64.rpm
f89dc39e6cc7a5c4e567f8c92cff9c5d 2010.0/x86_64/mysql-common-5.1.42-0.6mdv2010.0.x86_64.rpm
8983a954ac90e6f57b3b6b93dd5a390d 2010.0/x86_64/mysql-common-core-5.1.42-0.6mdv2010.0.x86_64.rpm
d656b12ce58632088b1156685f5e02ed 2010.0/x86_64/mysql-core-5.1.42-0.6mdv2010.0.x86_64.rpm
233eedc8496ebcc87fd816e2a571c800 2010.0/x86_64/mysql-doc-5.1.42-0.6mdv2010.0.x86_64.rpm
8eab7f59e2cd28e04e2fac6b27b248e3 2010.0/x86_64/mysql-max-5.1.42-0.6mdv2010.0.x86_64.rpm
4b3c37814d862cbbce00af6fa9c84e0f 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2010.0.x86_64.rpm
cb105cd46742d7c16f60197a7a7d5164 2010.0/x86_64/mysql-ndb-management-5.1.42-0.6mdv2010.0.x86_64.rpm
1405a62c2ed606a611e9ea05323c17d2 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2010.0.x86_64.rpm
9fe486a7b2aeacb8f44e1254538a4bbf 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2010.0.x86_64.rpm
9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm

Mandriva Linux 2010.1:
9b26917d3f8a0867796ed4b0abf3b593 2010.1/i586/libmysql16-5.1.46-4.1mdv2010.1.i586.rpm
a66497934fc6a7f6ddedb23b377f30eb 2010.1/i586/libmysql-devel-5.1.46-4.1mdv2010.1.i586.rpm
4f576adb88c4059dc6a032b6def9d3c7 2010.1/i586/libmysql-static-devel-5.1.46-4.1mdv2010.1.i586.rpm
fc09d0963ef6137b890cebc3f2bcfb7f 2010.1/i586/mysql-5.1.46-4.1mdv2010.1.i586.rpm
6c380457de4d14b2fb5c2bb9d7ccef2a 2010.1/i586/mysql-bench-5.1.46-4.1mdv2010.1.i586.rpm
abe986ae0c4f41a836aa41e1994a2bf7 2010.1/i586/mysql-client-5.1.46-4.1mdv2010.1.i586.rpm
7b91ade7f6ca9849cbc575d2c4509351 2010.1/i586/mysql-common-5.1.46-4.1mdv2010.1.i586.rpm
8d426b99b7a65269f64366f2deb9a955 2010.1/i586/mysql-common-core-5.1.46-4.1mdv2010.1.i586.rpm
050e1d41c7c8923a6b66fc954962dc73 2010.1/i586/mysql-core-5.1.46-4.1mdv2010.1.i586.rpm
9d92266b348047b2d5c2314320a81453 2010.1/i586/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.i586.rpm
46b4f2dd48c3b4c976ec32f497e64eec 2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.i586.rpm
d68b654e70ae110b4fd39f8025fa2826 2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.1.i586.rpm
812f10b106f16d9f38f6b69bcda22d9c 2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.i586.rpm
45a49833d1714319fa9236190dfa2390 2010.1/i586/mysql-plugin_spider-2.13-13.1mdv2010.1.i586.rpm
fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
937f600c8f2ba9e76da5fc3b817106f7 2010.1/x86_64/lib64mysql16-5.1.46-4.1mdv2010.1.x86_64.rpm
5c504645dd2944a1fc894fef5f9960c6 2010.1/x86_64/lib64mysql-devel-5.1.46-4.1mdv2010.1.x86_64.rpm
a9e3f0fd47eb4c3064675b99d92874bd 2010.1/x86_64/lib64mysql-static-devel-5.1.46-4.1mdv2010.1.x86_64.rpm
693048d4d8d9b5608bbf5ba781701195 2010.1/x86_64/mysql-5.1.46-4.1mdv2010.1.x86_64.rpm
5a8b8519ab0002bf676abb0f912fab24 2010.1/x86_64/mysql-bench-5.1.46-4.1mdv2010.1.x86_64.rpm
64b96e2ba5f040d98efe3c8057876873 2010.1/x86_64/mysql-client-5.1.46-4.1mdv2010.1.x86_64.rpm
db25c98330349452f20edbb74b5e82b4 2010.1/x86_64/mysql-common-5.1.46-4.1mdv2010.1.x86_64.rpm
e06e683b1ca6ed4def6e03cfc13569ae 2010.1/x86_64/mysql-common-core-5.1.46-4.1mdv2010.1.x86_64.rpm
0a6801cf988f8a0d6cd7b24ba8a12c4a 2010.1/x86_64/mysql-core-5.1.46-4.1mdv2010.1.x86_64.rpm
63c665a719242eab65168ec1dfcbc767 2010.1/x86_64/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.x86_64.rpm
57498e5bfa7e9c89774321f68308beb6 2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.x86_64.rpm
df8ec7acf48ae5e1d5263548594e7439 2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.1.x86_64.rpm
a048ac261564614081ab2f7296cf74be 2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.x86_64.rpm
9655f023de18252ad567604460f635fb 2010.1/x86_64/mysql-plugin_spider-2.13-13.1mdv2010.1.x86_64.rpm
fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMbmOOmqjQ0CJFipgRAn/ZAKDCQuwf6wGQjZP6dv7gdzhPCcXRAACg08IZ
iLdlzoOV+tPqxaisYBfG0CY=
=O6Zj
-----END PGP SIGNATURE-----
