MDVSA-2010:155-1

Nom du paquet

mysql

Date

2010-11-08

Advisory ID

MDVSA-2010:155-1

Affected versions

2009.1 i586 , 2009.1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in mysql:

MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).

Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as:

* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512) (CVE-2010-3683)

* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
(CVE-2010-3682)

* The server could crash if there were alternate reads from two indexes
on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)

* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393) (CVE-2010-3679)

* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)

* Joins involving a table with with a unique SET column could cause
a server crash. (Bug#54575) (CVE-2010-3677)

* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044) (CVE-2010-3680)

The updated packages have been patched to correct these issues.

Update:

Packages for 2009.1 was not provided with the MDVSA-2010:155
advisory. This advisory provides the missing packages.

Updated packages

2009.1 i586

 adfd92c6e4de06c22f7066b3880c7256  2009.1/i586/libmysql16-5.1.42-0.6mdv2009.1.i586.rpm
 5961a072e203925f3e85895e71c6d114  2009.1/i586/libmysql-devel-5.1.42-0.6mdv2009.1.i586.rpm
 87b2fb4508b2574b9610549cffe5d641  2009.1/i586/libmysql-static-devel-5.1.42-0.6mdv2009.1.i586.rpm
 0bb6bc8032660f9441595a897e5e37c2  2009.1/i586/mysql-5.1.42-0.6mdv2009.1.i586.rpm
 aa383ed18610327d12846a66d6d8b5bd  2009.1/i586/mysql-bench-5.1.42-0.6mdv2009.1.i586.rpm
 5abcaf797500228df411a10e9c1dd5a0  2009.1/i586/mysql-client-5.1.42-0.6mdv2009.1.i586.rpm
 883b4e34ece270efb56c2eaa60a3a5f0  2009.1/i586/mysql-common-5.1.42-0.6mdv2009.1.i586.rpm
 9fb48d28f8df4cb00aea4362837d2c3f  2009.1/i586/mysql-doc-5.1.42-0.6mdv2009.1.i586.rpm
 67c086070030addfd770cc4d4c3db6bf  2009.1/i586/mysql-max-5.1.42-0.6mdv2009.1.i586.rpm
 51e5a59f9aca3d05bbfb9a036f90ea54  2009.1/i586/mysql-ndb-extra-5.1.42-0.6mdv2009.1.i586.rpm
 d3da22f20148d43a625f3715f1d02be7  2009.1/i586/mysql-ndb-management-5.1.42-0.6mdv2009.1.i586.rpm
 a1d895e569730d42bed74d2b3b54ee0e  2009.1/i586/mysql-ndb-storage-5.1.42-0.6mdv2009.1.i586.rpm
 9db83e6bd1b332ed2bcfa55c3d1cbf11  2009.1/i586/mysql-ndb-tools-5.1.42-0.6mdv2009.1.i586.rpm 
 39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm

2009.1 x86_64

 81c56209ceffc1c4a8718beed142e0bd  2009.1/x86_64/lib64mysql16-5.1.42-0.6mdv2009.1.x86_64.rpm
 fca597b87c3f7d5d5ca40f6c24afe2c3  2009.1/x86_64/lib64mysql-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
 8287471cd70b341806f7e72a16222e68  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
 5f4a264351859a08b259178c7fb6709e  2009.1/x86_64/mysql-5.1.42-0.6mdv2009.1.x86_64.rpm
 d5fd6ed95e52ffa75055b2e23ea880e1  2009.1/x86_64/mysql-bench-5.1.42-0.6mdv2009.1.x86_64.rpm
 2621cfecdf4b53bfe363d99a9225ca31  2009.1/x86_64/mysql-client-5.1.42-0.6mdv2009.1.x86_64.rpm
 1960228ef94d993486ab73a58323cc3e  2009.1/x86_64/mysql-common-5.1.42-0.6mdv2009.1.x86_64.rpm
 dd4821845d060dd6dac38217cc8cac66  2009.1/x86_64/mysql-doc-5.1.42-0.6mdv2009.1.x86_64.rpm
 65432b5801c2ac0b4f2c536a816bc06d  2009.1/x86_64/mysql-max-5.1.42-0.6mdv2009.1.x86_64.rpm
 3cf458db3d034e5998bccb70c006b71a  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2009.1.x86_64.rpm
 dea28a0be7cfcd99d942ce22f7999308  2009.1/x86_64/mysql-ndb-management-5.1.42-0.6mdv2009.1.x86_64.rpm
 45329f869ffee6b497ad73da0a81019f  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2009.1.x86_64.rpm
 72e2f6029c889723d0f003ffdbf007d1  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2009.1.x86_64.rpm 
 39c0f1c0030455d78aa1f6c240e78f42  2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm

References

• http://bugs.mysql.com/bug.php?id=54393
• http://bugs.mysql.com/bug.php?id=54007
• http://bugs.mysql.com/bug.php?id=52711
• http://bugs.mysql.com/bug.php?id=52512
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
• http://bugs.mysql.com/bug.php?id=54477
• http://bugs.mysql.com/bug.php?id=54575
• http://bugs.mysql.com/bug.php?id=54044