-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:155 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : August 20, 2010 Affected: 2010.0, 2010.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in mysql: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008). Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as: * LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) * A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) * Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) * Joins involving a table with with a unique SET column could cause a server crash. (Bug#54575) * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008 http://bugs.mysql.com/bug.php?id=52512 http://bugs.mysql.com/bug.php?id=52711 http://bugs.mysql.com/bug.php?id=54007 http://bugs.mysql.com/bug.php?id=54393 http://bugs.mysql.com/bug.php?id=54477 http://bugs.mysql.com/bug.php?id=54575 http://bugs.mysql.com/bug.php?id=54044 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: e0181e6f02a4d75da4844afb468a2272 2010.0/i586/libmysql16-5.1.42-0.6mdv2010.0.i586.rpm 90babf8758412eedecb7eb6c9881d1a9 2010.0/i586/libmysql-devel-5.1.42-0.6mdv2010.0.i586.rpm 217ebcccf4b1af0701bdcf042165be12 2010.0/i586/libmysql-static-devel-5.1.42-0.6mdv2010.0.i586.rpm 6b1a9b256eb1d1449609a9e914f7664e 2010.0/i586/mysql-5.1.42-0.6mdv2010.0.i586.rpm 7add987091592e974e8ae64994c82313 2010.0/i586/mysql-bench-5.1.42-0.6mdv2010.0.i586.rpm a13c5bb98abb9aba82fb80dcb27e2752 2010.0/i586/mysql-client-5.1.42-0.6mdv2010.0.i586.rpm 8b2847d65735c38458c77153072a281e 2010.0/i586/mysql-common-5.1.42-0.6mdv2010.0.i586.rpm 86567fb759318246336f7077d6c13709 2010.0/i586/mysql-common-core-5.1.42-0.6mdv2010.0.i586.rpm e8a3c6e59eb5321d13ad1a863465f6ef 2010.0/i586/mysql-core-5.1.42-0.6mdv2010.0.i586.rpm b54c2338358f35dfb1292d615583ea2a 2010.0/i586/mysql-doc-5.1.42-0.6mdv2010.0.i586.rpm 1b4987ab9f81a4c0cd8e44e2bb2433c4 2010.0/i586/mysql-max-5.1.42-0.6mdv2010.0.i586.rpm 38c17d5f3d550d81dc14f38b7a5dc73d 2010.0/i586/mysql-ndb-extra-5.1.42-0.6mdv2010.0.i586.rpm 75cde53e6cc55176915cdd510419052c 2010.0/i586/mysql-ndb-management-5.1.42-0.6mdv2010.0.i586.rpm 522dd59860efcf76b2ecbd598e1fbba4 2010.0/i586/mysql-ndb-storage-5.1.42-0.6mdv2010.0.i586.rpm a2fbac8608bd716b13b24644fc4e28c5 2010.0/i586/mysql-ndb-tools-5.1.42-0.6mdv2010.0.i586.rpm 9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: dfa125382cbe6a86a3e2747c40e80556 2010.0/x86_64/lib64mysql16-5.1.42-0.6mdv2010.0.x86_64.rpm 968922e7d30ad10adc07e494df043f65 2010.0/x86_64/lib64mysql-devel-5.1.42-0.6mdv2010.0.x86_64.rpm 6fc264fa829f9e1843bfe1fa2034b7c7 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2010.0.x86_64.rpm 13b2e24a215b63f36eb530b352a67ad3 2010.0/x86_64/mysql-5.1.42-0.6mdv2010.0.x86_64.rpm e32753015f97d63a4bc07e88d9823250 2010.0/x86_64/mysql-bench-5.1.42-0.6mdv2010.0.x86_64.rpm c06b10d407d93365d728eacecf54ae2b 2010.0/x86_64/mysql-client-5.1.42-0.6mdv2010.0.x86_64.rpm f89dc39e6cc7a5c4e567f8c92cff9c5d 2010.0/x86_64/mysql-common-5.1.42-0.6mdv2010.0.x86_64.rpm 8983a954ac90e6f57b3b6b93dd5a390d 2010.0/x86_64/mysql-common-core-5.1.42-0.6mdv2010.0.x86_64.rpm d656b12ce58632088b1156685f5e02ed 2010.0/x86_64/mysql-core-5.1.42-0.6mdv2010.0.x86_64.rpm 233eedc8496ebcc87fd816e2a571c800 2010.0/x86_64/mysql-doc-5.1.42-0.6mdv2010.0.x86_64.rpm 8eab7f59e2cd28e04e2fac6b27b248e3 2010.0/x86_64/mysql-max-5.1.42-0.6mdv2010.0.x86_64.rpm 4b3c37814d862cbbce00af6fa9c84e0f 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2010.0.x86_64.rpm cb105cd46742d7c16f60197a7a7d5164 2010.0/x86_64/mysql-ndb-management-5.1.42-0.6mdv2010.0.x86_64.rpm 1405a62c2ed606a611e9ea05323c17d2 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2010.0.x86_64.rpm 9fe486a7b2aeacb8f44e1254538a4bbf 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2010.0.x86_64.rpm 9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm Mandriva Linux 2010.1: 9b26917d3f8a0867796ed4b0abf3b593 2010.1/i586/libmysql16-5.1.46-4.1mdv2010.1.i586.rpm a66497934fc6a7f6ddedb23b377f30eb 2010.1/i586/libmysql-devel-5.1.46-4.1mdv2010.1.i586.rpm 4f576adb88c4059dc6a032b6def9d3c7 2010.1/i586/libmysql-static-devel-5.1.46-4.1mdv2010.1.i586.rpm fc09d0963ef6137b890cebc3f2bcfb7f 2010.1/i586/mysql-5.1.46-4.1mdv2010.1.i586.rpm 6c380457de4d14b2fb5c2bb9d7ccef2a 2010.1/i586/mysql-bench-5.1.46-4.1mdv2010.1.i586.rpm abe986ae0c4f41a836aa41e1994a2bf7 2010.1/i586/mysql-client-5.1.46-4.1mdv2010.1.i586.rpm 7b91ade7f6ca9849cbc575d2c4509351 2010.1/i586/mysql-common-5.1.46-4.1mdv2010.1.i586.rpm 8d426b99b7a65269f64366f2deb9a955 2010.1/i586/mysql-common-core-5.1.46-4.1mdv2010.1.i586.rpm 050e1d41c7c8923a6b66fc954962dc73 2010.1/i586/mysql-core-5.1.46-4.1mdv2010.1.i586.rpm 9d92266b348047b2d5c2314320a81453 2010.1/i586/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.i586.rpm 46b4f2dd48c3b4c976ec32f497e64eec 2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.i586.rpm d68b654e70ae110b4fd39f8025fa2826 2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.1.i586.rpm 812f10b106f16d9f38f6b69bcda22d9c 2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.i586.rpm 45a49833d1714319fa9236190dfa2390 2010.1/i586/mysql-plugin_spider-2.13-13.1mdv2010.1.i586.rpm fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 937f600c8f2ba9e76da5fc3b817106f7 2010.1/x86_64/lib64mysql16-5.1.46-4.1mdv2010.1.x86_64.rpm 5c504645dd2944a1fc894fef5f9960c6 2010.1/x86_64/lib64mysql-devel-5.1.46-4.1mdv2010.1.x86_64.rpm a9e3f0fd47eb4c3064675b99d92874bd 2010.1/x86_64/lib64mysql-static-devel-5.1.46-4.1mdv2010.1.x86_64.rpm 693048d4d8d9b5608bbf5ba781701195 2010.1/x86_64/mysql-5.1.46-4.1mdv2010.1.x86_64.rpm 5a8b8519ab0002bf676abb0f912fab24 2010.1/x86_64/mysql-bench-5.1.46-4.1mdv2010.1.x86_64.rpm 64b96e2ba5f040d98efe3c8057876873 2010.1/x86_64/mysql-client-5.1.46-4.1mdv2010.1.x86_64.rpm db25c98330349452f20edbb74b5e82b4 2010.1/x86_64/mysql-common-5.1.46-4.1mdv2010.1.x86_64.rpm e06e683b1ca6ed4def6e03cfc13569ae 2010.1/x86_64/mysql-common-core-5.1.46-4.1mdv2010.1.x86_64.rpm 0a6801cf988f8a0d6cd7b24ba8a12c4a 2010.1/x86_64/mysql-core-5.1.46-4.1mdv2010.1.x86_64.rpm 63c665a719242eab65168ec1dfcbc767 2010.1/x86_64/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.x86_64.rpm 57498e5bfa7e9c89774321f68308beb6 2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.x86_64.rpm df8ec7acf48ae5e1d5263548594e7439 2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.1.x86_64.rpm a048ac261564614081ab2f7296cf74be 2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.x86_64.rpm 9655f023de18252ad567604460f635fb 2010.1/x86_64/mysql-plugin_spider-2.13-13.1mdv2010.1.x86_64.rpm fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMbmOOmqjQ0CJFipgRAn/ZAKDCQuwf6wGQjZP6dv7gdzhPCcXRAACg08IZ iLdlzoOV+tPqxaisYBfG0CY= =O6Zj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/