Mandriva Linux Security Advisory 2010-222 - Multiple vulnerabilities were discovered and corrected in mysql. Joins involving a table with with a unique SET column could cause a server crash. Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. Using EXPLAIN with queries of the form SELECT. UNION. ORDER BY could cause a server crash. Various other issues were also addressed.
74d0792dedac23aec2f739bcb4269d0a3049b419f30d9981405256e2fc0a6056-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:222
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : November 9, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in mysql:
* Joins involving a table with with a unique SET column could cause
a server crash (CVE-2010-3677).
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash (CVE-2010-3680).
* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface (CVE-2010-3681).
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
(SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).
* During evaluation of arguments to extreme-value functions (such
as LEAST() and GREATEST()), type errors did not propagate properly,
causing the server to crash (CVE-2010-3833).
* The server could crash after materializing a derived table that
required a temporary table for grouping (CVE-2010-3834).
* A user-variable assignment expression that is evaluated in a logical
expression context can be precalculated in a temporary table for GROUP
BY. However, when the expression value is used after creation of the
temporary table, it was re-evaluated, not read from the table and a
server crash resulted (CVE-2010-3835).
* Pre-evaluation of LIKE predicates during view preparation could
cause a server crash (CVE-2010-3836).
* GROUP_CONCAT() and WITH ROLLUP together could cause a server crash
(CVE-2010-3837).
* Queries could cause a server crash if the GREATEST() or LEAST()
function had a mixed list of numeric and LONGBLOB arguments, and
the result of such a function was processed using an intermediate
temporary table (CVE-2010-3838).
* Queries with nested joins could cause an infinite loop in the
server when used from stored procedures and prepared statements
(CVE-2010-3839).
* The PolyFromWKB() function could crash the server when improper
WKB data was passed to the function (CVE-2010-3840).
Additionally the default behaviour of using the mysqlmanager instead
of the mysqld_safe script has been reverted in the SysV init script
because of instability issues with the mysqlmanager.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to mysql 5.0.91 and patched
to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
http://bugs.mysql.com/bug.php?id=54575
http://bugs.mysql.com/bug.php?id=54044
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=55826
http://bugs.mysql.com/bug.php?id=55568
http://bugs.mysql.com/bug.php?id=55564
http://bugs.mysql.com/bug.php?id=54568
http://bugs.mysql.com/bug.php?id=54476
http://bugs.mysql.com/bug.php?id=54461
http://bugs.mysql.com/bug.php?id=53544
http://bugs.mysql.com/bug.php?id=51875
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
eb907536a0eeaaa029dc177ea9ef0a39 2009.0/i586/libmysql15-5.0.91-0.1mdv2009.0.i586.rpm
6478e39626354dceed037e214ec6cb1b 2009.0/i586/libmysql-devel-5.0.91-0.1mdv2009.0.i586.rpm
f241d659367edc2514f252a770715ce3 2009.0/i586/libmysql-static-devel-5.0.91-0.1mdv2009.0.i586.rpm
3acc56592aa5ef4ae5227c204a3a5931 2009.0/i586/mysql-5.0.91-0.1mdv2009.0.i586.rpm
6dd27cf8a8a6ddfcba4ff41199e5af53 2009.0/i586/mysql-bench-5.0.91-0.1mdv2009.0.i586.rpm
969531a60f2b36ce51504ced260b0df9 2009.0/i586/mysql-client-5.0.91-0.1mdv2009.0.i586.rpm
0d6e8961bb929492b105d4552622eaa4 2009.0/i586/mysql-common-5.0.91-0.1mdv2009.0.i586.rpm
e34023d0f7030d97f5ae90299b68eec9 2009.0/i586/mysql-doc-5.0.91-0.1mdv2009.0.i586.rpm
4d23ed1d323b7386428dc5f558d3dfe2 2009.0/i586/mysql-max-5.0.91-0.1mdv2009.0.i586.rpm
b9f3ae1f4537d552874ca55ed0bbb0d5 2009.0/i586/mysql-ndb-extra-5.0.91-0.1mdv2009.0.i586.rpm
71e6e537d8ca78f4feb184127c6d2241 2009.0/i586/mysql-ndb-management-5.0.91-0.1mdv2009.0.i586.rpm
ca105074d069cff1a46b33d97ad98d9c 2009.0/i586/mysql-ndb-storage-5.0.91-0.1mdv2009.0.i586.rpm
fbb37043811a661be20b76f2b5580f69 2009.0/i586/mysql-ndb-tools-5.0.91-0.1mdv2009.0.i586.rpm
a08639f29c6d8a07534854c05a1d455b 2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
cd1407d890e82227401c8b362707b3b9 2009.0/x86_64/lib64mysql15-5.0.91-0.1mdv2009.0.x86_64.rpm
e0e273aa8b3491d2c9a4e3262769105f 2009.0/x86_64/lib64mysql-devel-5.0.91-0.1mdv2009.0.x86_64.rpm
2d33f0fe6f058303912058018a3d0d06 2009.0/x86_64/lib64mysql-static-devel-5.0.91-0.1mdv2009.0.x86_64.rpm
da91cf85defd1b0cff9c069fadd07e5d 2009.0/x86_64/mysql-5.0.91-0.1mdv2009.0.x86_64.rpm
8ebcffba8321ae17aae21cb3ba52a3e9 2009.0/x86_64/mysql-bench-5.0.91-0.1mdv2009.0.x86_64.rpm
d5d640a2ef35848f9befc0be86d78a49 2009.0/x86_64/mysql-client-5.0.91-0.1mdv2009.0.x86_64.rpm
b526d8835e448c064cd63f9aefb3623c 2009.0/x86_64/mysql-common-5.0.91-0.1mdv2009.0.x86_64.rpm
f797fffb311a794dab45d168a8b781d6 2009.0/x86_64/mysql-doc-5.0.91-0.1mdv2009.0.x86_64.rpm
6fbb34d053af580605ee5e38319e70dc 2009.0/x86_64/mysql-max-5.0.91-0.1mdv2009.0.x86_64.rpm
b3301c995e36f2785d25c7d3e61abe6e 2009.0/x86_64/mysql-ndb-extra-5.0.91-0.1mdv2009.0.x86_64.rpm
96296d78b320836f6199ccd9f6ded083 2009.0/x86_64/mysql-ndb-management-5.0.91-0.1mdv2009.0.x86_64.rpm
460ca6c62c5911774601ff0f2503e885 2009.0/x86_64/mysql-ndb-storage-5.0.91-0.1mdv2009.0.x86_64.rpm
414c0cf19deda444f69486aed137b9e6 2009.0/x86_64/mysql-ndb-tools-5.0.91-0.1mdv2009.0.x86_64.rpm
a08639f29c6d8a07534854c05a1d455b 2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm
Corporate 4.0:
93ceb9fd59484cdea928ffd2e06d149c corporate/4.0/i586/libmysql15-5.0.91-0.1.20060mlcs4.i586.rpm
f80353a66273e0f70aba1f4821efd2fa corporate/4.0/i586/libmysql-devel-5.0.91-0.1.20060mlcs4.i586.rpm
e755ee14f4d94b55db8a74dbb721f068 corporate/4.0/i586/libmysql-static-devel-5.0.91-0.1.20060mlcs4.i586.rpm
95abd2f134cf728ecebb4c4d0b4a6ae9 corporate/4.0/i586/mysql-5.0.91-0.1.20060mlcs4.i586.rpm
1c18fe18e0475ea49a4a50b9d1f6c091 corporate/4.0/i586/mysql-bench-5.0.91-0.1.20060mlcs4.i586.rpm
7399fd7ae6850c14792eac8b79a34523 corporate/4.0/i586/mysql-client-5.0.91-0.1.20060mlcs4.i586.rpm
4aee716bce3e5965688194b1cd1712eb corporate/4.0/i586/mysql-common-5.0.91-0.1.20060mlcs4.i586.rpm
86bfc5a65912fbbbe1ac5b9eda7b31f0 corporate/4.0/i586/mysql-doc-5.0.91-0.1.20060mlcs4.i586.rpm
c387117b0a39d2bad9cec605f3f7314a corporate/4.0/i586/mysql-max-5.0.91-0.1.20060mlcs4.i586.rpm
f63da7fe87e2eb742a6a74e2c66a57e6 corporate/4.0/i586/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.i586.rpm
9dd84b4d7102bf330b2979d90f8983c8 corporate/4.0/i586/mysql-ndb-management-5.0.91-0.1.20060mlcs4.i586.rpm
b51844ca5c493112335ca054f43e17d4 corporate/4.0/i586/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.i586.rpm
09509a1f48bc11abe6570c3a46e9daf6 corporate/4.0/i586/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.i586.rpm
927ed1974f0a042693967b6fd22ec008 corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
20117b2754e9b91d085ff9680d811611 corporate/4.0/x86_64/lib64mysql15-5.0.91-0.1.20060mlcs4.x86_64.rpm
1853101973ee2852c1009e7595a2bc31 corporate/4.0/x86_64/lib64mysql-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm
dd09522b46023ae468563abd47460bd3 corporate/4.0/x86_64/lib64mysql-static-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm
9f0c3810761e001a6e371012cc2743eb corporate/4.0/x86_64/mysql-5.0.91-0.1.20060mlcs4.x86_64.rpm
fd174ef50c83c54356ac8e4e891b3f73 corporate/4.0/x86_64/mysql-bench-5.0.91-0.1.20060mlcs4.x86_64.rpm
8a85a29a6ade51a0956786675ba887fe corporate/4.0/x86_64/mysql-client-5.0.91-0.1.20060mlcs4.x86_64.rpm
09daedce7d9a9c1c00168b0b1d42994f corporate/4.0/x86_64/mysql-common-5.0.91-0.1.20060mlcs4.x86_64.rpm
ef9743643cba3544a8824d4c17e0d6c8 corporate/4.0/x86_64/mysql-doc-5.0.91-0.1.20060mlcs4.x86_64.rpm
e7c3a9a251b4c8bc758591c5460d50dc corporate/4.0/x86_64/mysql-max-5.0.91-0.1.20060mlcs4.x86_64.rpm
f522e85eb231fc6a021219f9647f9333 corporate/4.0/x86_64/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.x86_64.rpm
f702c3f65c406cc76ed2c7a784cef4f2 corporate/4.0/x86_64/mysql-ndb-management-5.0.91-0.1.20060mlcs4.x86_64.rpm
6442629a873f3cce5eb00d490068afbb corporate/4.0/x86_64/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.x86_64.rpm
e3e5f618f95f4ff8f83761069c36fae2 corporate/4.0/x86_64/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.x86_64.rpm
927ed1974f0a042693967b6fd22ec008 corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
89c2269f406dc3045dfd7d4722439b89 mes5/i586/libmysql15-5.0.91-0.1mdvmes5.1.i586.rpm
a39245d96a2343f94a6c3de2b0a1d5e8 mes5/i586/libmysql-devel-5.0.91-0.1mdvmes5.1.i586.rpm
c3a8626adfa64c80e9780cae382677d3 mes5/i586/libmysql-static-devel-5.0.91-0.1mdvmes5.1.i586.rpm
d08bcf51ea7cca9291879867d94bfd46 mes5/i586/mysql-5.0.91-0.1mdvmes5.1.i586.rpm
894a8b94003bae051d4301f6adcf2669 mes5/i586/mysql-bench-5.0.91-0.1mdvmes5.1.i586.rpm
62396656052e01c3fdf8d500bc55a860 mes5/i586/mysql-client-5.0.91-0.1mdvmes5.1.i586.rpm
5b824ecf37eb00993e47aff4531775a7 mes5/i586/mysql-common-5.0.91-0.1mdvmes5.1.i586.rpm
bf869755a712d83629256a9a99c15711 mes5/i586/mysql-doc-5.0.91-0.1mdvmes5.1.i586.rpm
bff52c734c7efc2305e22c1dd2bdf094 mes5/i586/mysql-max-5.0.91-0.1mdvmes5.1.i586.rpm
5f33d4b7e2de3e03beb58bd5c543c97b mes5/i586/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.i586.rpm
10133c0bfbaa5080156ff83f871ee4da mes5/i586/mysql-ndb-management-5.0.91-0.1mdvmes5.1.i586.rpm
35c3f4e88178c3bee2247aa5fe506aca mes5/i586/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.i586.rpm
f4fc7bfef0241437d69d170e26391efc mes5/i586/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.i586.rpm
d1e56324f66cd14937b7612206def290 mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
8916ce12f0a1369f39cd250e2c8c35c9 mes5/x86_64/lib64mysql15-5.0.91-0.1mdvmes5.1.x86_64.rpm
8276a9fd8be29452610c67e2971be511 mes5/x86_64/lib64mysql-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm
2306d392866669f16ed65275ec8ea1ec mes5/x86_64/lib64mysql-static-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm
da916613ff80db456eadddd61d6cba18 mes5/x86_64/mysql-5.0.91-0.1mdvmes5.1.x86_64.rpm
8563b08ca76a16d01f1b9c41b9cc7dcc mes5/x86_64/mysql-bench-5.0.91-0.1mdvmes5.1.x86_64.rpm
88289d93bf3e177ae304843fc3f221a4 mes5/x86_64/mysql-client-5.0.91-0.1mdvmes5.1.x86_64.rpm
55b1ddf76c99a5561b738682fb55b4fb mes5/x86_64/mysql-common-5.0.91-0.1mdvmes5.1.x86_64.rpm
8b33e50cc5c12dfb577a7d1ca85800ea mes5/x86_64/mysql-doc-5.0.91-0.1mdvmes5.1.x86_64.rpm
b2fd7c02c73ab39a68c5799ae71769da mes5/x86_64/mysql-max-5.0.91-0.1mdvmes5.1.x86_64.rpm
0875dffd5f38fd9873347aad5353cdc1 mes5/x86_64/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.x86_64.rpm
1fcf16f947ccc0eca16aa5f47f910ded mes5/x86_64/mysql-ndb-management-5.0.91-0.1mdvmes5.1.x86_64.rpm
93bfc7f9bd45288ea5e6d97aedfd109e mes5/x86_64/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.x86_64.rpm
a98125ba65e6ade91189944dd148a218 mes5/x86_64/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.x86_64.rpm
d1e56324f66cd14937b7612206def290 mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM2VUgmqjQ0CJFipgRAkmKAKDZq9ZsL8ehC3DYz8Cvl7S9kOMIigCfc/Bn
PtNWZN/OpXqCPP3oiCQKR4Y=
=W5lO
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed