[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OmSTw-0000xz-UX@titan.mandriva.com>
Date: Fri, 20 Aug 2010 16:22:07 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:155 ] mysql
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:155
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : August 20, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in mysql:
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as:
* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512)
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
(SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface. (Bug#54007)
* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393)
* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477)
* Joins involving a table with with a unique SET column could cause
a server crash. (Bug#54575)
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044)
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
http://bugs.mysql.com/bug.php?id=52512
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=54393
http://bugs.mysql.com/bug.php?id=54477
http://bugs.mysql.com/bug.php?id=54575
http://bugs.mysql.com/bug.php?id=54044
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
e0181e6f02a4d75da4844afb468a2272 2010.0/i586/libmysql16-5.1.42-0.6mdv2010.0.i586.rpm
90babf8758412eedecb7eb6c9881d1a9 2010.0/i586/libmysql-devel-5.1.42-0.6mdv2010.0.i586.rpm
217ebcccf4b1af0701bdcf042165be12 2010.0/i586/libmysql-static-devel-5.1.42-0.6mdv2010.0.i586.rpm
6b1a9b256eb1d1449609a9e914f7664e 2010.0/i586/mysql-5.1.42-0.6mdv2010.0.i586.rpm
7add987091592e974e8ae64994c82313 2010.0/i586/mysql-bench-5.1.42-0.6mdv2010.0.i586.rpm
a13c5bb98abb9aba82fb80dcb27e2752 2010.0/i586/mysql-client-5.1.42-0.6mdv2010.0.i586.rpm
8b2847d65735c38458c77153072a281e 2010.0/i586/mysql-common-5.1.42-0.6mdv2010.0.i586.rpm
86567fb759318246336f7077d6c13709 2010.0/i586/mysql-common-core-5.1.42-0.6mdv2010.0.i586.rpm
e8a3c6e59eb5321d13ad1a863465f6ef 2010.0/i586/mysql-core-5.1.42-0.6mdv2010.0.i586.rpm
b54c2338358f35dfb1292d615583ea2a 2010.0/i586/mysql-doc-5.1.42-0.6mdv2010.0.i586.rpm
1b4987ab9f81a4c0cd8e44e2bb2433c4 2010.0/i586/mysql-max-5.1.42-0.6mdv2010.0.i586.rpm
38c17d5f3d550d81dc14f38b7a5dc73d 2010.0/i586/mysql-ndb-extra-5.1.42-0.6mdv2010.0.i586.rpm
75cde53e6cc55176915cdd510419052c 2010.0/i586/mysql-ndb-management-5.1.42-0.6mdv2010.0.i586.rpm
522dd59860efcf76b2ecbd598e1fbba4 2010.0/i586/mysql-ndb-storage-5.1.42-0.6mdv2010.0.i586.rpm
a2fbac8608bd716b13b24644fc4e28c5 2010.0/i586/mysql-ndb-tools-5.1.42-0.6mdv2010.0.i586.rpm
9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
dfa125382cbe6a86a3e2747c40e80556 2010.0/x86_64/lib64mysql16-5.1.42-0.6mdv2010.0.x86_64.rpm
968922e7d30ad10adc07e494df043f65 2010.0/x86_64/lib64mysql-devel-5.1.42-0.6mdv2010.0.x86_64.rpm
6fc264fa829f9e1843bfe1fa2034b7c7 2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2010.0.x86_64.rpm
13b2e24a215b63f36eb530b352a67ad3 2010.0/x86_64/mysql-5.1.42-0.6mdv2010.0.x86_64.rpm
e32753015f97d63a4bc07e88d9823250 2010.0/x86_64/mysql-bench-5.1.42-0.6mdv2010.0.x86_64.rpm
c06b10d407d93365d728eacecf54ae2b 2010.0/x86_64/mysql-client-5.1.42-0.6mdv2010.0.x86_64.rpm
f89dc39e6cc7a5c4e567f8c92cff9c5d 2010.0/x86_64/mysql-common-5.1.42-0.6mdv2010.0.x86_64.rpm
8983a954ac90e6f57b3b6b93dd5a390d 2010.0/x86_64/mysql-common-core-5.1.42-0.6mdv2010.0.x86_64.rpm
d656b12ce58632088b1156685f5e02ed 2010.0/x86_64/mysql-core-5.1.42-0.6mdv2010.0.x86_64.rpm
233eedc8496ebcc87fd816e2a571c800 2010.0/x86_64/mysql-doc-5.1.42-0.6mdv2010.0.x86_64.rpm
8eab7f59e2cd28e04e2fac6b27b248e3 2010.0/x86_64/mysql-max-5.1.42-0.6mdv2010.0.x86_64.rpm
4b3c37814d862cbbce00af6fa9c84e0f 2010.0/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2010.0.x86_64.rpm
cb105cd46742d7c16f60197a7a7d5164 2010.0/x86_64/mysql-ndb-management-5.1.42-0.6mdv2010.0.x86_64.rpm
1405a62c2ed606a611e9ea05323c17d2 2010.0/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2010.0.x86_64.rpm
9fe486a7b2aeacb8f44e1254538a4bbf 2010.0/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2010.0.x86_64.rpm
9a02ff536f50d0dec97097d94d24c7e6 2010.0/SRPMS/mysql-5.1.42-0.6mdv2010.0.src.rpm
Mandriva Linux 2010.1:
9b26917d3f8a0867796ed4b0abf3b593 2010.1/i586/libmysql16-5.1.46-4.1mdv2010.1.i586.rpm
a66497934fc6a7f6ddedb23b377f30eb 2010.1/i586/libmysql-devel-5.1.46-4.1mdv2010.1.i586.rpm
4f576adb88c4059dc6a032b6def9d3c7 2010.1/i586/libmysql-static-devel-5.1.46-4.1mdv2010.1.i586.rpm
fc09d0963ef6137b890cebc3f2bcfb7f 2010.1/i586/mysql-5.1.46-4.1mdv2010.1.i586.rpm
6c380457de4d14b2fb5c2bb9d7ccef2a 2010.1/i586/mysql-bench-5.1.46-4.1mdv2010.1.i586.rpm
abe986ae0c4f41a836aa41e1994a2bf7 2010.1/i586/mysql-client-5.1.46-4.1mdv2010.1.i586.rpm
7b91ade7f6ca9849cbc575d2c4509351 2010.1/i586/mysql-common-5.1.46-4.1mdv2010.1.i586.rpm
8d426b99b7a65269f64366f2deb9a955 2010.1/i586/mysql-common-core-5.1.46-4.1mdv2010.1.i586.rpm
050e1d41c7c8923a6b66fc954962dc73 2010.1/i586/mysql-core-5.1.46-4.1mdv2010.1.i586.rpm
9d92266b348047b2d5c2314320a81453 2010.1/i586/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.i586.rpm
46b4f2dd48c3b4c976ec32f497e64eec 2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.i586.rpm
d68b654e70ae110b4fd39f8025fa2826 2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.1.i586.rpm
812f10b106f16d9f38f6b69bcda22d9c 2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.i586.rpm
45a49833d1714319fa9236190dfa2390 2010.1/i586/mysql-plugin_spider-2.13-13.1mdv2010.1.i586.rpm
fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64:
937f600c8f2ba9e76da5fc3b817106f7 2010.1/x86_64/lib64mysql16-5.1.46-4.1mdv2010.1.x86_64.rpm
5c504645dd2944a1fc894fef5f9960c6 2010.1/x86_64/lib64mysql-devel-5.1.46-4.1mdv2010.1.x86_64.rpm
a9e3f0fd47eb4c3064675b99d92874bd 2010.1/x86_64/lib64mysql-static-devel-5.1.46-4.1mdv2010.1.x86_64.rpm
693048d4d8d9b5608bbf5ba781701195 2010.1/x86_64/mysql-5.1.46-4.1mdv2010.1.x86_64.rpm
5a8b8519ab0002bf676abb0f912fab24 2010.1/x86_64/mysql-bench-5.1.46-4.1mdv2010.1.x86_64.rpm
64b96e2ba5f040d98efe3c8057876873 2010.1/x86_64/mysql-client-5.1.46-4.1mdv2010.1.x86_64.rpm
db25c98330349452f20edbb74b5e82b4 2010.1/x86_64/mysql-common-5.1.46-4.1mdv2010.1.x86_64.rpm
e06e683b1ca6ed4def6e03cfc13569ae 2010.1/x86_64/mysql-common-core-5.1.46-4.1mdv2010.1.x86_64.rpm
0a6801cf988f8a0d6cd7b24ba8a12c4a 2010.1/x86_64/mysql-core-5.1.46-4.1mdv2010.1.x86_64.rpm
63c665a719242eab65168ec1dfcbc767 2010.1/x86_64/mysql-plugin_pbxt-1.0.10-13.1mdv2010.1.x86_64.rpm
57498e5bfa7e9c89774321f68308beb6 2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.1.x86_64.rpm
df8ec7acf48ae5e1d5263548594e7439 2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.1.x86_64.rpm
a048ac261564614081ab2f7296cf74be 2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.1.x86_64.rpm
9655f023de18252ad567604460f635fb 2010.1/x86_64/mysql-plugin_spider-2.13-13.1mdv2010.1.x86_64.rpm
fa916f4e032d28a6e0c8036026db9a26 2010.1/SRPMS/mysql-5.1.46-4.1mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMbmOOmqjQ0CJFipgRAn/ZAKDCQuwf6wGQjZP6dv7gdzhPCcXRAACg08IZ
iLdlzoOV+tPqxaisYBfG0CY=
=O6Zj
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists