lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PFrtS-0004iZ-3b@titan.mandriva.com>
Date: Tue, 09 Nov 2010 18:22:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:222 ] mysql

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:222
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : November 9, 2010
 Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in mysql:
 
 * Joins involving a table with with a unique SET column could cause
 a server crash (CVE-2010-3677).
 
 * Use of TEMPORARY InnoDB tables with nullable columns could cause
 a server crash (CVE-2010-3680).
 
 * The server could crash if there were alternate reads from two
 indexes on a table using the HANDLER interface (CVE-2010-3681).
 
 * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY
 (SELECT ... WHERE ...) could cause a server crash (CVE-2010-3682).
 
 * During evaluation of arguments to extreme-value functions (such
 as LEAST() and GREATEST()), type errors did not propagate properly,
 causing the server to crash (CVE-2010-3833).
 
 * The server could crash after materializing a derived table that
 required a temporary table for grouping (CVE-2010-3834).
 
 * A user-variable assignment expression that is evaluated in a logical
 expression context can be precalculated in a temporary table for GROUP
 BY. However, when the expression value is used after creation of the
 temporary table, it was re-evaluated, not read from the table and a
 server crash resulted (CVE-2010-3835).
 
 * Pre-evaluation of LIKE predicates during view preparation could
 cause a server crash (CVE-2010-3836).
 
 * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash
 (CVE-2010-3837).
 
 * Queries could cause a server crash if the GREATEST() or LEAST()
 function had a mixed list of numeric and LONGBLOB arguments, and
 the result of such a function was processed using an intermediate
 temporary table (CVE-2010-3838).
 
 * Queries with nested joins could cause an infinite loop in the
 server when used from stored procedures and prepared statements
 (CVE-2010-3839).
 
 * The PolyFromWKB() function could crash the server when improper
 WKB data was passed to the function (CVE-2010-3840).
 
 Additionally the default behaviour of using the mysqlmanager instead
 of the mysqld_safe script has been reverted in the SysV init script
 because of instability issues with the mysqlmanager.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been upgraded to mysql 5.0.91 and patched
 to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840
 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
 http://bugs.mysql.com/bug.php?id=54575
 http://bugs.mysql.com/bug.php?id=54044
 http://bugs.mysql.com/bug.php?id=54007
 http://bugs.mysql.com/bug.php?id=52711
 http://bugs.mysql.com/bug.php?id=55826
 http://bugs.mysql.com/bug.php?id=55568
 http://bugs.mysql.com/bug.php?id=55564
 http://bugs.mysql.com/bug.php?id=54568
 http://bugs.mysql.com/bug.php?id=54476
 http://bugs.mysql.com/bug.php?id=54461
 http://bugs.mysql.com/bug.php?id=53544
 http://bugs.mysql.com/bug.php?id=51875
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 eb907536a0eeaaa029dc177ea9ef0a39  2009.0/i586/libmysql15-5.0.91-0.1mdv2009.0.i586.rpm
 6478e39626354dceed037e214ec6cb1b  2009.0/i586/libmysql-devel-5.0.91-0.1mdv2009.0.i586.rpm
 f241d659367edc2514f252a770715ce3  2009.0/i586/libmysql-static-devel-5.0.91-0.1mdv2009.0.i586.rpm
 3acc56592aa5ef4ae5227c204a3a5931  2009.0/i586/mysql-5.0.91-0.1mdv2009.0.i586.rpm
 6dd27cf8a8a6ddfcba4ff41199e5af53  2009.0/i586/mysql-bench-5.0.91-0.1mdv2009.0.i586.rpm
 969531a60f2b36ce51504ced260b0df9  2009.0/i586/mysql-client-5.0.91-0.1mdv2009.0.i586.rpm
 0d6e8961bb929492b105d4552622eaa4  2009.0/i586/mysql-common-5.0.91-0.1mdv2009.0.i586.rpm
 e34023d0f7030d97f5ae90299b68eec9  2009.0/i586/mysql-doc-5.0.91-0.1mdv2009.0.i586.rpm
 4d23ed1d323b7386428dc5f558d3dfe2  2009.0/i586/mysql-max-5.0.91-0.1mdv2009.0.i586.rpm
 b9f3ae1f4537d552874ca55ed0bbb0d5  2009.0/i586/mysql-ndb-extra-5.0.91-0.1mdv2009.0.i586.rpm
 71e6e537d8ca78f4feb184127c6d2241  2009.0/i586/mysql-ndb-management-5.0.91-0.1mdv2009.0.i586.rpm
 ca105074d069cff1a46b33d97ad98d9c  2009.0/i586/mysql-ndb-storage-5.0.91-0.1mdv2009.0.i586.rpm
 fbb37043811a661be20b76f2b5580f69  2009.0/i586/mysql-ndb-tools-5.0.91-0.1mdv2009.0.i586.rpm 
 a08639f29c6d8a07534854c05a1d455b  2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cd1407d890e82227401c8b362707b3b9  2009.0/x86_64/lib64mysql15-5.0.91-0.1mdv2009.0.x86_64.rpm
 e0e273aa8b3491d2c9a4e3262769105f  2009.0/x86_64/lib64mysql-devel-5.0.91-0.1mdv2009.0.x86_64.rpm
 2d33f0fe6f058303912058018a3d0d06  2009.0/x86_64/lib64mysql-static-devel-5.0.91-0.1mdv2009.0.x86_64.rpm
 da91cf85defd1b0cff9c069fadd07e5d  2009.0/x86_64/mysql-5.0.91-0.1mdv2009.0.x86_64.rpm
 8ebcffba8321ae17aae21cb3ba52a3e9  2009.0/x86_64/mysql-bench-5.0.91-0.1mdv2009.0.x86_64.rpm
 d5d640a2ef35848f9befc0be86d78a49  2009.0/x86_64/mysql-client-5.0.91-0.1mdv2009.0.x86_64.rpm
 b526d8835e448c064cd63f9aefb3623c  2009.0/x86_64/mysql-common-5.0.91-0.1mdv2009.0.x86_64.rpm
 f797fffb311a794dab45d168a8b781d6  2009.0/x86_64/mysql-doc-5.0.91-0.1mdv2009.0.x86_64.rpm
 6fbb34d053af580605ee5e38319e70dc  2009.0/x86_64/mysql-max-5.0.91-0.1mdv2009.0.x86_64.rpm
 b3301c995e36f2785d25c7d3e61abe6e  2009.0/x86_64/mysql-ndb-extra-5.0.91-0.1mdv2009.0.x86_64.rpm
 96296d78b320836f6199ccd9f6ded083  2009.0/x86_64/mysql-ndb-management-5.0.91-0.1mdv2009.0.x86_64.rpm
 460ca6c62c5911774601ff0f2503e885  2009.0/x86_64/mysql-ndb-storage-5.0.91-0.1mdv2009.0.x86_64.rpm
 414c0cf19deda444f69486aed137b9e6  2009.0/x86_64/mysql-ndb-tools-5.0.91-0.1mdv2009.0.x86_64.rpm 
 a08639f29c6d8a07534854c05a1d455b  2009.0/SRPMS/mysql-5.0.91-0.1mdv2009.0.src.rpm

 Corporate 4.0:
 93ceb9fd59484cdea928ffd2e06d149c  corporate/4.0/i586/libmysql15-5.0.91-0.1.20060mlcs4.i586.rpm
 f80353a66273e0f70aba1f4821efd2fa  corporate/4.0/i586/libmysql-devel-5.0.91-0.1.20060mlcs4.i586.rpm
 e755ee14f4d94b55db8a74dbb721f068  corporate/4.0/i586/libmysql-static-devel-5.0.91-0.1.20060mlcs4.i586.rpm
 95abd2f134cf728ecebb4c4d0b4a6ae9  corporate/4.0/i586/mysql-5.0.91-0.1.20060mlcs4.i586.rpm
 1c18fe18e0475ea49a4a50b9d1f6c091  corporate/4.0/i586/mysql-bench-5.0.91-0.1.20060mlcs4.i586.rpm
 7399fd7ae6850c14792eac8b79a34523  corporate/4.0/i586/mysql-client-5.0.91-0.1.20060mlcs4.i586.rpm
 4aee716bce3e5965688194b1cd1712eb  corporate/4.0/i586/mysql-common-5.0.91-0.1.20060mlcs4.i586.rpm
 86bfc5a65912fbbbe1ac5b9eda7b31f0  corporate/4.0/i586/mysql-doc-5.0.91-0.1.20060mlcs4.i586.rpm
 c387117b0a39d2bad9cec605f3f7314a  corporate/4.0/i586/mysql-max-5.0.91-0.1.20060mlcs4.i586.rpm
 f63da7fe87e2eb742a6a74e2c66a57e6  corporate/4.0/i586/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.i586.rpm
 9dd84b4d7102bf330b2979d90f8983c8  corporate/4.0/i586/mysql-ndb-management-5.0.91-0.1.20060mlcs4.i586.rpm
 b51844ca5c493112335ca054f43e17d4  corporate/4.0/i586/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.i586.rpm
 09509a1f48bc11abe6570c3a46e9daf6  corporate/4.0/i586/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.i586.rpm 
 927ed1974f0a042693967b6fd22ec008  corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 20117b2754e9b91d085ff9680d811611  corporate/4.0/x86_64/lib64mysql15-5.0.91-0.1.20060mlcs4.x86_64.rpm
 1853101973ee2852c1009e7595a2bc31  corporate/4.0/x86_64/lib64mysql-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm
 dd09522b46023ae468563abd47460bd3  corporate/4.0/x86_64/lib64mysql-static-devel-5.0.91-0.1.20060mlcs4.x86_64.rpm
 9f0c3810761e001a6e371012cc2743eb  corporate/4.0/x86_64/mysql-5.0.91-0.1.20060mlcs4.x86_64.rpm
 fd174ef50c83c54356ac8e4e891b3f73  corporate/4.0/x86_64/mysql-bench-5.0.91-0.1.20060mlcs4.x86_64.rpm
 8a85a29a6ade51a0956786675ba887fe  corporate/4.0/x86_64/mysql-client-5.0.91-0.1.20060mlcs4.x86_64.rpm
 09daedce7d9a9c1c00168b0b1d42994f  corporate/4.0/x86_64/mysql-common-5.0.91-0.1.20060mlcs4.x86_64.rpm
 ef9743643cba3544a8824d4c17e0d6c8  corporate/4.0/x86_64/mysql-doc-5.0.91-0.1.20060mlcs4.x86_64.rpm
 e7c3a9a251b4c8bc758591c5460d50dc  corporate/4.0/x86_64/mysql-max-5.0.91-0.1.20060mlcs4.x86_64.rpm
 f522e85eb231fc6a021219f9647f9333  corporate/4.0/x86_64/mysql-ndb-extra-5.0.91-0.1.20060mlcs4.x86_64.rpm
 f702c3f65c406cc76ed2c7a784cef4f2  corporate/4.0/x86_64/mysql-ndb-management-5.0.91-0.1.20060mlcs4.x86_64.rpm
 6442629a873f3cce5eb00d490068afbb  corporate/4.0/x86_64/mysql-ndb-storage-5.0.91-0.1.20060mlcs4.x86_64.rpm
 e3e5f618f95f4ff8f83761069c36fae2  corporate/4.0/x86_64/mysql-ndb-tools-5.0.91-0.1.20060mlcs4.x86_64.rpm 
 927ed1974f0a042693967b6fd22ec008  corporate/4.0/SRPMS/mysql-5.0.91-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 89c2269f406dc3045dfd7d4722439b89  mes5/i586/libmysql15-5.0.91-0.1mdvmes5.1.i586.rpm
 a39245d96a2343f94a6c3de2b0a1d5e8  mes5/i586/libmysql-devel-5.0.91-0.1mdvmes5.1.i586.rpm
 c3a8626adfa64c80e9780cae382677d3  mes5/i586/libmysql-static-devel-5.0.91-0.1mdvmes5.1.i586.rpm
 d08bcf51ea7cca9291879867d94bfd46  mes5/i586/mysql-5.0.91-0.1mdvmes5.1.i586.rpm
 894a8b94003bae051d4301f6adcf2669  mes5/i586/mysql-bench-5.0.91-0.1mdvmes5.1.i586.rpm
 62396656052e01c3fdf8d500bc55a860  mes5/i586/mysql-client-5.0.91-0.1mdvmes5.1.i586.rpm
 5b824ecf37eb00993e47aff4531775a7  mes5/i586/mysql-common-5.0.91-0.1mdvmes5.1.i586.rpm
 bf869755a712d83629256a9a99c15711  mes5/i586/mysql-doc-5.0.91-0.1mdvmes5.1.i586.rpm
 bff52c734c7efc2305e22c1dd2bdf094  mes5/i586/mysql-max-5.0.91-0.1mdvmes5.1.i586.rpm
 5f33d4b7e2de3e03beb58bd5c543c97b  mes5/i586/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.i586.rpm
 10133c0bfbaa5080156ff83f871ee4da  mes5/i586/mysql-ndb-management-5.0.91-0.1mdvmes5.1.i586.rpm
 35c3f4e88178c3bee2247aa5fe506aca  mes5/i586/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.i586.rpm
 f4fc7bfef0241437d69d170e26391efc  mes5/i586/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.i586.rpm 
 d1e56324f66cd14937b7612206def290  mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8916ce12f0a1369f39cd250e2c8c35c9  mes5/x86_64/lib64mysql15-5.0.91-0.1mdvmes5.1.x86_64.rpm
 8276a9fd8be29452610c67e2971be511  mes5/x86_64/lib64mysql-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm
 2306d392866669f16ed65275ec8ea1ec  mes5/x86_64/lib64mysql-static-devel-5.0.91-0.1mdvmes5.1.x86_64.rpm
 da916613ff80db456eadddd61d6cba18  mes5/x86_64/mysql-5.0.91-0.1mdvmes5.1.x86_64.rpm
 8563b08ca76a16d01f1b9c41b9cc7dcc  mes5/x86_64/mysql-bench-5.0.91-0.1mdvmes5.1.x86_64.rpm
 88289d93bf3e177ae304843fc3f221a4  mes5/x86_64/mysql-client-5.0.91-0.1mdvmes5.1.x86_64.rpm
 55b1ddf76c99a5561b738682fb55b4fb  mes5/x86_64/mysql-common-5.0.91-0.1mdvmes5.1.x86_64.rpm
 8b33e50cc5c12dfb577a7d1ca85800ea  mes5/x86_64/mysql-doc-5.0.91-0.1mdvmes5.1.x86_64.rpm
 b2fd7c02c73ab39a68c5799ae71769da  mes5/x86_64/mysql-max-5.0.91-0.1mdvmes5.1.x86_64.rpm
 0875dffd5f38fd9873347aad5353cdc1  mes5/x86_64/mysql-ndb-extra-5.0.91-0.1mdvmes5.1.x86_64.rpm
 1fcf16f947ccc0eca16aa5f47f910ded  mes5/x86_64/mysql-ndb-management-5.0.91-0.1mdvmes5.1.x86_64.rpm
 93bfc7f9bd45288ea5e6d97aedfd109e  mes5/x86_64/mysql-ndb-storage-5.0.91-0.1mdvmes5.1.x86_64.rpm
 a98125ba65e6ade91189944dd148a218  mes5/x86_64/mysql-ndb-tools-5.0.91-0.1mdvmes5.1.x86_64.rpm 
 d1e56324f66cd14937b7612206def290  mes5/SRPMS/mysql-5.0.91-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2VUgmqjQ0CJFipgRAkmKAKDZq9ZsL8ehC3DYz8Cvl7S9kOMIigCfc/Bn
PtNWZN/OpXqCPP3oiCQKR4Y=
=W5lO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ