-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:222 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : November 9, 2010 Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered and corrected in mysql: * Joins involving a table with with a unique SET column could cause a server crash (CVE-2010-3677). * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash (CVE-2010-3680). * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface (CVE-2010-3681). * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682). * During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833). * The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834). * A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835). * Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836). * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837). * Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838). * Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839). * The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840). Additionally the default behaviour of using the mysqlmanager instead of the mysqld_safe script has been reverted in the SysV init script because of instability issues with the mysqlmanager. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been upgraded to mysql 5.0.91 and patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html http://bugs.mysql.com/bug.php?id=54575 http://bugs.mysql.com/bug.php?id=54044 http://bugs.mysql.com/bug.php?id=54007 http://bugs.mysql.com/bug.php?id=52711 http://bugs.mysql.com/bug.php?id=55826 http://bugs.mysql.com/bug.php?id=55568 http://bugs.mysql.com/bug.php?id=55564 http://bugs.mysql.com/bug.php?id=54568 http://bugs.mysql.com/bug.php?id=54476 http://bugs.mysql.com/bug.php?id=54461 http://bugs.mysql.com/bug.php?id=53544 http://bugs.mysql.com/bug.php?id=51875 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: eb907536a0eeaaa029dc177ea9ef0a39 2009.0/i586/libmysql15-5.0.91-0.1mdv2009.0.i586.rpm 6478e39626354dceed037e214ec6cb1b 2009.0/i586/libmysql-devel-5.0.91-0.1mdv2009.0.i586.rpm f241d659367edc2514f252a770715ce3 2009.0/i586/libmysql-static-devel-5.0.91-0.1mdv2009.0.i586.rpm 3acc56592aa5ef4ae5227c204a3a5931 2009.0/i586/mysql-5.0.91-0.1mdv2009.0.i586.rpm 6dd27cf8a8a6ddfcba4ff41199e5af53 2009.0/i586/mysql-bench-5.0.91-0.1mdv2009.0.i586.rpm 969531a60f2b36ce51504ced260b0df9 2009.0/i586/mysql-client-5.0.91-0.1mdv2009.0.i586.rpm 0d6e8961bb929492b105d4552622eaa4 2009.0/i586/mysql-common-5.0.91-0.1mdv2009.0.i586.rpm e34023d0f7030d97f5ae90299b68eec9 2009.0/i586/mysql-doc-5.0.91-0.1mdv2009.0.i586.rpm 4d23ed1d323b7386428dc5f558d3dfe2 2009.0/i586/mysql-max-5.0.91-0.1mdv2009.0.i586.rpm b9f3ae1f4537d552874ca55ed0bbb0d5 2009.0/i586/mysql-ndb-extra-5.0.91-0.1mdv2009.0.i586.rpm 71e6e537d8ca78f4feb184127c6d2241 2009.0/i586/mysql-ndb-management-5.0.91-0.1mdv2009.0.i586.rpm ca105074d069cff1a46b33d97ad98d9c 2009.0/i586/mysql-ndb-storage-5.0.91-0.1mdv2009.0.i586.rpm fbb37043811a661be20b76f2b5580f69 2009.0/i586/mysql-ndb-tools-5.0.91-0.1mdv2009.0.i586.rpm a08639f29c6d8a07534854c05a1d455b 2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: cd1407d890e82227401c8b362707b3b9 2009.0/x86_64/lib64mysql15-5.0.91-0.1mdv2009.0.x86_64.rpm e0e273aa8b3491d2c9a4e3262769105f 2009.0/x86_64/lib64mysql-devel-5.0.91-0.1mdv2009.0.x86_64.rpm 2d33f0fe6f058303912058018a3d0d06 2009.0/x86_64/lib64mysql-static-devel-5.0.91-0.1mdv2009.0.x86_64.rpm da91cf85defd1b0cff9c069fadd07e5d 2009.0/x86_64/mysql-5.0.91-0.1mdv2009.0.x86_64.rpm 8ebcffba8321ae17aae21cb3ba52a3e9 2009.0/x86_64/mysql-bench-5.0.91-0.1mdv2009.0.x86_64.rpm d5d640a2ef35848f9befc0be86d78a49 2009.0/x86_64/mysql-client-5.0.91-0.1mdv2009.0.x86_64.rpm b526d8835e448c064cd63f9aefb3623c 2009.0/x86_64/mysql-common-5.0.91-0.1mdv2009.0.x86_64.rpm f797fffb311a794dab45d168a8b781d6 2009.0/x86_64/mysql-doc-5.0.91-0.1mdv2009.0.x86_64.rpm 6fbb34d053af580605ee5e38319e70dc 2009.0/x86_64/mysql-max-5.0.91-0.1mdv2009.0.x86_64.rpm b3301c995e36f2785d25c7d3e61abe6e 2009.0/x86_64/mysql-ndb-extra-5.0.91-0.1mdv2009.0.x86_64.rpm 96296d78b320836f6199ccd9f6ded083 2009.0/x86_64/mysql-ndb-management-5.0.91-0.1mdv2009.0.x86_64.rpm 460ca6c62c5911774601ff0f2503e885 2009.0/x86_64/mysql-ndb-storage-5.0.91-0.1mdv2009.0.x86_64.rpm 414c0cf19deda444f69486aed137b9e6 2009.0/x86_64/mysql-ndb-tools-5.0.91-0.1mdv2009.0.x86_64.rpm a08639f29c6d8a07534854c05a1d455b 2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm Corporate 4.0: 93ceb9fd59484cdea928ffd2e06d149c corporate/4.0/i586/libmysql15-5.0.91-0.1.20060mlcs4.i586.rpm f80353a66273e0f70aba1f4821efd2fa corporate/4.0/i586/libmysql-devel-5.0.91-0.1.20060mlcs4.i586.rpm e755ee14f4d94b55db8a74dbb721f068 corporate/4.0/i586/libmysql-static-devel-5.0.91-0.1.20060mlcs4.i586.rpm 95abd2f134cf728ecebb4c4d0b4a6ae9 corporate/4.0/i586/mysql-5.0.91-0.1.20060mlcs4.i586.rpm 1c18fe18e0475ea49a4a50b9d1f6c091 corporate/4.0/i586/mysql-bench-5.0.91-0.1.20060mlcs4.i586.rpm 7399fd7ae6850c14792eac8b79a34523 corporate/4.0/i586/mysql-client-5.0.91-0.1.20060mlcs4.i586.rpm 4aee716bce3e5965688194b1cd1712eb corporate/4.0/i586/mysql-common-5.0.91-0.1.20060mlcs4.i586.rpm 86bfc5a65912fbbbe1ac5b9eda7b31f0 corporate/4.0/i586/mysql-doc-5.0.91-0.1.20060mlcs4.i586.rpm c387117b0a39d2bad9cec605f3f7314a corporate/4.0/i586/mysql-max-5.0.91-0.1.20060mlcs4.i586.rpm f63da7fe87e2eb742a6a74e2c66a57e6 corporate/4.0/i586/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.i586.rpm 9dd84b4d7102bf330b2979d90f8983c8 corporate/4.0/i586/mysql-ndb-management-5.0.91-0.1.20060mlcs4.i586.rpm b51844ca5c493112335ca054f43e17d4 corporate/4.0/i586/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.i586.rpm 09509a1f48bc11abe6570c3a46e9daf6 corporate/4.0/i586/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.i586.rpm 927ed1974f0a042693967b6fd22ec008 corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 20117b2754e9b91d085ff9680d811611 corporate/4.0/x86_64/lib64mysql15-5.0.91-0.1.20060mlcs4.x86_64.rpm 1853101973ee2852c1009e7595a2bc31 corporate/4.0/x86_64/lib64mysql-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm dd09522b46023ae468563abd47460bd3 corporate/4.0/x86_64/lib64mysql-static-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm 9f0c3810761e001a6e371012cc2743eb corporate/4.0/x86_64/mysql-5.0.91-0.1.20060mlcs4.x86_64.rpm fd174ef50c83c54356ac8e4e891b3f73 corporate/4.0/x86_64/mysql-bench-5.0.91-0.1.20060mlcs4.x86_64.rpm 8a85a29a6ade51a0956786675ba887fe corporate/4.0/x86_64/mysql-client-5.0.91-0.1.20060mlcs4.x86_64.rpm 09daedce7d9a9c1c00168b0b1d42994f corporate/4.0/x86_64/mysql-common-5.0.91-0.1.20060mlcs4.x86_64.rpm ef9743643cba3544a8824d4c17e0d6c8 corporate/4.0/x86_64/mysql-doc-5.0.91-0.1.20060mlcs4.x86_64.rpm e7c3a9a251b4c8bc758591c5460d50dc corporate/4.0/x86_64/mysql-max-5.0.91-0.1.20060mlcs4.x86_64.rpm f522e85eb231fc6a021219f9647f9333 corporate/4.0/x86_64/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.x86_64.rpm f702c3f65c406cc76ed2c7a784cef4f2 corporate/4.0/x86_64/mysql-ndb-management-5.0.91-0.1.20060mlcs4.x86_64.rpm 6442629a873f3cce5eb00d490068afbb corporate/4.0/x86_64/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.x86_64.rpm e3e5f618f95f4ff8f83761069c36fae2 corporate/4.0/x86_64/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.x86_64.rpm 927ed1974f0a042693967b6fd22ec008 corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 89c2269f406dc3045dfd7d4722439b89 mes5/i586/libmysql15-5.0.91-0.1mdvmes5.1.i586.rpm a39245d96a2343f94a6c3de2b0a1d5e8 mes5/i586/libmysql-devel-5.0.91-0.1mdvmes5.1.i586.rpm c3a8626adfa64c80e9780cae382677d3 mes5/i586/libmysql-static-devel-5.0.91-0.1mdvmes5.1.i586.rpm d08bcf51ea7cca9291879867d94bfd46 mes5/i586/mysql-5.0.91-0.1mdvmes5.1.i586.rpm 894a8b94003bae051d4301f6adcf2669 mes5/i586/mysql-bench-5.0.91-0.1mdvmes5.1.i586.rpm 62396656052e01c3fdf8d500bc55a860 mes5/i586/mysql-client-5.0.91-0.1mdvmes5.1.i586.rpm 5b824ecf37eb00993e47aff4531775a7 mes5/i586/mysql-common-5.0.91-0.1mdvmes5.1.i586.rpm bf869755a712d83629256a9a99c15711 mes5/i586/mysql-doc-5.0.91-0.1mdvmes5.1.i586.rpm bff52c734c7efc2305e22c1dd2bdf094 mes5/i586/mysql-max-5.0.91-0.1mdvmes5.1.i586.rpm 5f33d4b7e2de3e03beb58bd5c543c97b mes5/i586/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.i586.rpm 10133c0bfbaa5080156ff83f871ee4da mes5/i586/mysql-ndb-management-5.0.91-0.1mdvmes5.1.i586.rpm 35c3f4e88178c3bee2247aa5fe506aca mes5/i586/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.i586.rpm f4fc7bfef0241437d69d170e26391efc mes5/i586/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.i586.rpm d1e56324f66cd14937b7612206def290 mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 8916ce12f0a1369f39cd250e2c8c35c9 mes5/x86_64/lib64mysql15-5.0.91-0.1mdvmes5.1.x86_64.rpm 8276a9fd8be29452610c67e2971be511 mes5/x86_64/lib64mysql-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm 2306d392866669f16ed65275ec8ea1ec mes5/x86_64/lib64mysql-static-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm da916613ff80db456eadddd61d6cba18 mes5/x86_64/mysql-5.0.91-0.1mdvmes5.1.x86_64.rpm 8563b08ca76a16d01f1b9c41b9cc7dcc mes5/x86_64/mysql-bench-5.0.91-0.1mdvmes5.1.x86_64.rpm 88289d93bf3e177ae304843fc3f221a4 mes5/x86_64/mysql-client-5.0.91-0.1mdvmes5.1.x86_64.rpm 55b1ddf76c99a5561b738682fb55b4fb mes5/x86_64/mysql-common-5.0.91-0.1mdvmes5.1.x86_64.rpm 8b33e50cc5c12dfb577a7d1ca85800ea mes5/x86_64/mysql-doc-5.0.91-0.1mdvmes5.1.x86_64.rpm b2fd7c02c73ab39a68c5799ae71769da mes5/x86_64/mysql-max-5.0.91-0.1mdvmes5.1.x86_64.rpm 0875dffd5f38fd9873347aad5353cdc1 mes5/x86_64/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.x86_64.rpm 1fcf16f947ccc0eca16aa5f47f910ded mes5/x86_64/mysql-ndb-management-5.0.91-0.1mdvmes5.1.x86_64.rpm 93bfc7f9bd45288ea5e6d97aedfd109e mes5/x86_64/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.x86_64.rpm a98125ba65e6ade91189944dd148a218 mes5/x86_64/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.x86_64.rpm d1e56324f66cd14937b7612206def290 mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM2VUgmqjQ0CJFipgRAkmKAKDZq9ZsL8ehC3DYz8Cvl7S9kOMIigCfc/Bn PtNWZN/OpXqCPP3oiCQKR4Y= =W5lO -----END PGP SIGNATURE-----