MDVSA-2011:012

Package name

mysql

Date

2011-01-17

Advisory ID

MDVSA-2011:012

Affected versions

2010.1 x86_64 , 2010.1 i586 , 2010.0 x86_64 , 2010.0 i586

Problem description

Multiple vulnerabilities has been found and corrected in mysql:

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before
5.1.49 allows remote authenticated users to cause a denial of service
(assertion failure) by modifying the (1) innodb_file_format or (2)
innodb_file_per_table configuration parameters for the InnoDB storage
engine, then executing a DDL statement (CVE-2010-3676).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon
crash) via a join query that uses a table with a unique SET column
(CVE-2010-3677).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (crash) via (1) IN or (2) CASE operations with
NULL arguments that are explicitly specified or indirectly provided
by the WITH ROLLUP modifier (CVE-2010-3678).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (mysqld daemon crash) via certain arguments to
the BINLOG command, which triggers an access of uninitialized memory,
as demonstrated by valgrind (CVE-2010-3679).

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by creating temporary
tables while using InnoDB, which triggers an assertion failure
(CVE-2010-3680).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote
authenticated users to cause a denial of service (mysqld daemon
crash) by using the HANDLER interface and performing alternate reads
from two indexes on a table, which triggers an assertion failure
(CVE-2010-3681).

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY \(SELECT
... WHERE ...\)" statements, which triggers a NULL pointer dereference
in the Item_singlerow_subselect::store function (CVE-2010-3682).

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when
a LOAD DATA INFILE request generates SQL errors, which allows remote
authenticated users to cause a denial of service (mysqld daemon crash)
via a crafted request (CVE-2010-3683).

The updated packages have been upgraded to the latest (last) stable
5.1 release (5.1.54) to address these issues for both Mandriva Linux
2010.0 and 2010.2.

Updated packages

2010.1 x86_64

 85ac66bedb992414bac140032eb47ed1  2010.1/x86_64/lib64mysql16-5.1.54-0.1mdv2010.2.x86_64.rpm
 e85bd21971ca794e95bb9f541a3511cc  2010.1/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
 b1c5ce8655927dd256fcd41c1bbdf0fc  2010.1/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.2.x86_64.rpm
 5784ccf8aa36e5000edc04150beee1cf  2010.1/x86_64/mysql-5.1.54-0.1mdv2010.2.x86_64.rpm
 54ab31208fc60287f6b8fca8ede588e3  2010.1/x86_64/mysql-bench-5.1.54-0.1mdv2010.2.x86_64.rpm
 92c29d677050756b9eb98cab809716cb  2010.1/x86_64/mysql-client-5.1.54-0.1mdv2010.2.x86_64.rpm
 02219be1589f879e7c3a270bcf1764c9  2010.1/x86_64/mysql-common-5.1.54-0.1mdv2010.2.x86_64.rpm
 331dda5c7e2495db7a7422ebc4d3766c  2010.1/x86_64/mysql-common-core-5.1.54-0.1mdv2010.2.x86_64.rpm
 0fb4c6c0206dd361b485343a63f38597  2010.1/x86_64/mysql-core-5.1.54-0.1mdv2010.2.x86_64.rpm
 55e606e6edd8e79e878d5da3dd4161c0  2010.1/x86_64/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.x86_64.rpm
 710964319335515700860f6ac3a856e1  2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.x86_64.rpm
 3aad9d71ce8730d504ede7eb465584b8  2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.2.x86_64.rpm
 89803a2b93fefa5630b5442750e08d87  2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.x86_64.rpm 
 c759186cfea5fc30e40cb3c478db040b  2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm

2010.1 i586

 a730b66d0f60a3ae797cfd1508573e14  2010.1/i586/libmysql16-5.1.54-0.1mdv2010.2.i586.rpm
 4db227ee520cc8fa2756cca5102c136f  2010.1/i586/libmysql-devel-5.1.54-0.1mdv2010.2.i586.rpm
 4fa187bf89c62a0b88b2614ccefd9b14  2010.1/i586/libmysql-static-devel-5.1.54-0.1mdv2010.2.i586.rpm
 5755eb749663381170e8776e8bc5a6ab  2010.1/i586/mysql-5.1.54-0.1mdv2010.2.i586.rpm
 54f5b5ca8145c1b3427a99374b3d7966  2010.1/i586/mysql-bench-5.1.54-0.1mdv2010.2.i586.rpm
 ca7475819312d72b58c8e80605f3a9d0  2010.1/i586/mysql-client-5.1.54-0.1mdv2010.2.i586.rpm
 77bf12591d85ce2a20ff01f60143ec2e  2010.1/i586/mysql-common-5.1.54-0.1mdv2010.2.i586.rpm
 d84835654b3c7ea383eb7522c0b42168  2010.1/i586/mysql-common-core-5.1.54-0.1mdv2010.2.i586.rpm
 a99914d27081cd012d8d84c931bb9f8b  2010.1/i586/mysql-core-5.1.54-0.1mdv2010.2.i586.rpm
 f60c297e866c86b5380a239f7ac4ecda  2010.1/i586/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.i586.rpm
 f8358bb5e71e3a7aa16ba21b494bb0d7  2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.i586.rpm
 acbe66b8e8e3f908293df4245c17b2fd  2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.2.i586.rpm
 48af02184d67efb8102b1cc95e05a04a  2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.i586.rpm 
 c759186cfea5fc30e40cb3c478db040b  2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm

2010.0 x86_64

 c3447fdfd64da373d4953ec3b661c1c9  2010.0/x86_64/lib64mysql16-5.1.54-0.1mdv2010.0.x86_64.rpm
 30d5d8de87063a13bbfb8378b3bb6fb9  2010.0/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
 412bd3ffd06d513efea926d92943d784  2010.0/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.0.x86_64.rpm
 38d7840bcf97600cce12b29c83cd40e0  2010.0/x86_64/mysql-5.1.54-0.1mdv2010.0.x86_64.rpm
 47f562cbfbf5cb23ccaec63e264a8c8f  2010.0/x86_64/mysql-bench-5.1.54-0.1mdv2010.0.x86_64.rpm
 80d9559b2a6c8fc4f2579d3413ff8b0c  2010.0/x86_64/mysql-client-5.1.54-0.1mdv2010.0.x86_64.rpm
 a7e714560f74258e7a9f1e6774759ef2  2010.0/x86_64/mysql-common-5.1.54-0.1mdv2010.0.x86_64.rpm
 a4a5d91865a4c86f252993ec8030a8cf  2010.0/x86_64/mysql-common-core-5.1.54-0.1mdv2010.0.x86_64.rpm
 271b2e32d1143923fec7add90fb56b0f  2010.0/x86_64/mysql-core-5.1.54-0.1mdv2010.0.x86_64.rpm
 04430eca656a618b4e509f9fbe7a3848  2010.0/x86_64/mysql-doc-5.1.54-0.1mdv2010.0.x86_64.rpm
 8d8679eb10880e3ecd683be974a7289f  2010.0/x86_64/mysql-max-5.1.54-0.1mdv2010.0.x86_64.rpm
 a1254ba2abc8ac1686f29236f6f59b2e  2010.0/x86_64/mysql-ndb-extra-5.1.54-0.1mdv2010.0.x86_64.rpm
 8c80ba5223247605844b19a8a5ec6cc4  2010.0/x86_64/mysql-ndb-management-5.1.54-0.1mdv2010.0.x86_64.rpm
 8b212ceeb5ff305da7c9cbfcc3eb3bde  2010.0/x86_64/mysql-ndb-storage-5.1.54-0.1mdv2010.0.x86_64.rpm
 90761e3010c02fabe981c94b062240b1  2010.0/x86_64/mysql-ndb-tools-5.1.54-0.1mdv2010.0.x86_64.rpm 
 5324dc97841f5cec84a6616480754af5  2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

2010.0 i586

 686ff6ab1037be9055b963c0da868c5a  2010.0/i586/libmysql16-5.1.54-0.1mdv2010.0.i586.rpm
 d21f5354b7a1137331b72ac8c01b65d1  2010.0/i586/libmysql-devel-5.1.54-0.1mdv2010.0.i586.rpm
 7380f13c75cd45dc7a4cab7500e76a7d  2010.0/i586/libmysql-static-devel-5.1.54-0.1mdv2010.0.i586.rpm
 fff29fa545c7e13c9dc73562f1a791b7  2010.0/i586/mysql-5.1.54-0.1mdv2010.0.i586.rpm
 3297cd90c967f1f962dfc7fea86aac8e  2010.0/i586/mysql-bench-5.1.54-0.1mdv2010.0.i586.rpm
 5ad1ecb0d6c1c23bb942463c94a85d47  2010.0/i586/mysql-client-5.1.54-0.1mdv2010.0.i586.rpm
 b31d77434db4049124c0ec0b6a2bcc7d  2010.0/i586/mysql-common-5.1.54-0.1mdv2010.0.i586.rpm
 619b1912a74fd2afa25cd3da86e72d04  2010.0/i586/mysql-common-core-5.1.54-0.1mdv2010.0.i586.rpm
 d93e4ed4822e6129cb49a3b1ea571c85  2010.0/i586/mysql-core-5.1.54-0.1mdv2010.0.i586.rpm
 f57f82b2bf007b41084ae40fb8efe4b4  2010.0/i586/mysql-doc-5.1.54-0.1mdv2010.0.i586.rpm
 2cf147d708c9389e9c7fd1333ae4ec59  2010.0/i586/mysql-max-5.1.54-0.1mdv2010.0.i586.rpm
 f943f6be18cc94174ebcff0b38912235  2010.0/i586/mysql-ndb-extra-5.1.54-0.1mdv2010.0.i586.rpm
 a5046d568ef2784e9dab8fdfb0844e5b  2010.0/i586/mysql-ndb-management-5.1.54-0.1mdv2010.0.i586.rpm
 2ca5966b89add7a0c1fd45d24ea46e68  2010.0/i586/mysql-ndb-storage-5.1.54-0.1mdv2010.0.i586.rpm
 6ce6e0ce63deba613978b9e1f250dbda  2010.0/i586/mysql-ndb-tools-5.1.54-0.1mdv2010.0.i586.rpm 
 5324dc97841f5cec84a6616480754af5  2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm

References

• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3676
• http://www.mysql.com/support/eol-notice.html