lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PFt9p-0005VD-Am@titan.mandriva.com>
Date: Tue, 09 Nov 2010 19:43:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:223 ] mysql

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:223
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mysql
 Date    : November 9, 2010
 Affected: 2009.1, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in mysql:
 
 * During evaluation of arguments to extreme-value functions (such
 as LEAST() and GREATEST()), type errors did not propagate properly,
 causing the server to crash (CVE-2010-3833).
 
 * The server could crash after materializing a derived table that
 required a temporary table for grouping (CVE-2010-3834).
 
 * A user-variable assignment expression that is evaluated in a logical
 expression context can be precalculated in a temporary table for GROUP
 BY. However, when the expression value is used after creation of the
 temporary table, it was re-evaluated, not read from the table and a
 server crash resulted (CVE-2010-3835).
 
 * Pre-evaluation of LIKE predicates during view preparation could
 cause a server crash (CVE-2010-3836).
 
 * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash
 (CVE-2010-3837).
 
 * Queries could cause a server crash if the GREATEST() or LEAST()
 function had a mixed list of numeric and LONGBLOB arguments, and
 the result of such a function was processed using an intermediate
 temporary table (CVE-2010-3838).
 
 * Queries with nested joins could cause an infinite loop in the
 server when used from stored procedures and prepared statements
 (CVE-2010-3839).
 
 * The PolyFromWKB() function could crash the server when improper
 WKB data was passed to the function (CVE-2010-3840).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840
 http://bugs.mysql.com/bug.php?id=55826
 http://bugs.mysql.com/bug.php?id=55568
 http://bugs.mysql.com/bug.php?id=55564
 http://bugs.mysql.com/bug.php?id=54568
 http://bugs.mysql.com/bug.php?id=54476
 http://bugs.mysql.com/bug.php?id=54461
 http://bugs.mysql.com/bug.php?id=53544
 http://bugs.mysql.com/bug.php?id=51875
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 c24fb902d05f9106dd7b62d7bf7c961e  2009.1/i586/libmysql16-5.1.42-0.7mdv2009.1.i586.rpm
 9906c87fbd2c5653d14e307ca6cb8396  2009.1/i586/libmysql-devel-5.1.42-0.7mdv2009.1.i586.rpm
 7549265a5c2c1f812a4bcff401468167  2009.1/i586/libmysql-static-devel-5.1.42-0.7mdv2009.1.i586.rpm
 2d5c4c004fb36b096f2162f3cc54a828  2009.1/i586/mysql-5.1.42-0.7mdv2009.1.i586.rpm
 61b53b422cd8a9d63014f9fee9af1974  2009.1/i586/mysql-bench-5.1.42-0.7mdv2009.1.i586.rpm
 02f151c312608d8d56f9494f20908a8c  2009.1/i586/mysql-client-5.1.42-0.7mdv2009.1.i586.rpm
 a97b68d21ed4dd412ce960960c93eab8  2009.1/i586/mysql-common-5.1.42-0.7mdv2009.1.i586.rpm
 5cda25980548ccfde2261781eb6790e3  2009.1/i586/mysql-doc-5.1.42-0.7mdv2009.1.i586.rpm
 5b5f3444c6d2905c904b8bbda929a721  2009.1/i586/mysql-max-5.1.42-0.7mdv2009.1.i586.rpm
 71b29aa05beb90ed4b2d82fddfbe2656  2009.1/i586/mysql-ndb-extra-5.1.42-0.7mdv2009.1.i586.rpm
 b6e47c4d9d14797e2fe886a5de0f4fdd  2009.1/i586/mysql-ndb-management-5.1.42-0.7mdv2009.1.i586.rpm
 50c738ab7f802e8ba2df8eb3bf1a6fbb  2009.1/i586/mysql-ndb-storage-5.1.42-0.7mdv2009.1.i586.rpm
 93a807c4646a31e1cc4bb3886c089e9b  2009.1/i586/mysql-ndb-tools-5.1.42-0.7mdv2009.1.i586.rpm 
 089921dec5b57917a3b42b3165e260eb  2009.1/SRPMS/mysql-5.1.42-0.7mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 fb1064832c231c168afd50a0d79bc4dd  2009.1/x86_64/lib64mysql16-5.1.42-0.7mdv2009.1.x86_64.rpm
 a58727f9e04d17c3587076470ddb35da  2009.1/x86_64/lib64mysql-devel-5.1.42-0.7mdv2009.1.x86_64.rpm
 52a5213b49fb99a67c2c3c693c5610c1  2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.7mdv2009.1.x86_64.rpm
 2c8620f213952d425ff67a70d96091a9  2009.1/x86_64/mysql-5.1.42-0.7mdv2009.1.x86_64.rpm
 b9909bc2b87297f7c8cee7fcac2d3ead  2009.1/x86_64/mysql-bench-5.1.42-0.7mdv2009.1.x86_64.rpm
 e48643fe42c2ebd534da6f67d9adf38b  2009.1/x86_64/mysql-client-5.1.42-0.7mdv2009.1.x86_64.rpm
 d35e8889430bf446d6e1b1e8f43f72d7  2009.1/x86_64/mysql-common-5.1.42-0.7mdv2009.1.x86_64.rpm
 1304778f16541d60db286239bcbe6ef2  2009.1/x86_64/mysql-doc-5.1.42-0.7mdv2009.1.x86_64.rpm
 f5b5c8ab8c104c7f28e8719f094dad95  2009.1/x86_64/mysql-max-5.1.42-0.7mdv2009.1.x86_64.rpm
 c579d63781e511ebc6bae4ac00a04b12  2009.1/x86_64/mysql-ndb-extra-5.1.42-0.7mdv2009.1.x86_64.rpm
 b8133d9838a341aa4ead1deedc33ee3d  2009.1/x86_64/mysql-ndb-management-5.1.42-0.7mdv2009.1.x86_64.rpm
 e6e68a5c779810cff0cb4a3850b344e2  2009.1/x86_64/mysql-ndb-storage-5.1.42-0.7mdv2009.1.x86_64.rpm
 1ea3d18d59f71bbf85325d4af19004c8  2009.1/x86_64/mysql-ndb-tools-5.1.42-0.7mdv2009.1.x86_64.rpm 
 089921dec5b57917a3b42b3165e260eb  2009.1/SRPMS/mysql-5.1.42-0.7mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 e5504c9216682ecfa362b986b50e67bc  2010.0/i586/libmysql16-5.1.42-0.7mdv2010.0.i586.rpm
 33563d8cf9329dad3480511d89d2f90f  2010.0/i586/libmysql-devel-5.1.42-0.7mdv2010.0.i586.rpm
 617d51dbf63c61142d7f2d94ba0d6140  2010.0/i586/libmysql-static-devel-5.1.42-0.7mdv2010.0.i586.rpm
 627a87ae6f3ba4ca8b141822f33669e3  2010.0/i586/mysql-5.1.42-0.7mdv2010.0.i586.rpm
 218e7f5b26953613b78b9c4c14fee172  2010.0/i586/mysql-bench-5.1.42-0.7mdv2010.0.i586.rpm
 654133dfff89a9c3af227f085959ec6b  2010.0/i586/mysql-client-5.1.42-0.7mdv2010.0.i586.rpm
 e863dec49820612c4650b3c086faa90c  2010.0/i586/mysql-common-5.1.42-0.7mdv2010.0.i586.rpm
 57f5626c82fd35de3d4af2842ee3ce6d  2010.0/i586/mysql-common-core-5.1.42-0.7mdv2010.0.i586.rpm
 accbd97c043da5eae1348c8dc10259f4  2010.0/i586/mysql-core-5.1.42-0.7mdv2010.0.i586.rpm
 70b2ade6fc38b150ef6f9e9b2978acc5  2010.0/i586/mysql-doc-5.1.42-0.7mdv2010.0.i586.rpm
 987e4f98e242b8aaf16973467b939387  2010.0/i586/mysql-max-5.1.42-0.7mdv2010.0.i586.rpm
 f4da9cf30391c117220ceaad9604aaf6  2010.0/i586/mysql-ndb-extra-5.1.42-0.7mdv2010.0.i586.rpm
 23ec71d9002a443aac52aac883d1bbb9  2010.0/i586/mysql-ndb-management-5.1.42-0.7mdv2010.0.i586.rpm
 5b15230c7f80f7bacdfd3482dce7dac7  2010.0/i586/mysql-ndb-storage-5.1.42-0.7mdv2010.0.i586.rpm
 4a3579c353a7c8d3ecc91ae92e5422cb  2010.0/i586/mysql-ndb-tools-5.1.42-0.7mdv2010.0.i586.rpm 
 31a55292b75cd0a1bee02aac9197e37a  2010.0/SRPMS/mysql-5.1.42-0.7mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 a7a0791af18df2567be3d04cb269bda3  2010.0/x86_64/lib64mysql16-5.1.42-0.7mdv2010.0.x86_64.rpm
 1c0abda99b0c5ef8c6d4ea4dc1ec0812  2010.0/x86_64/lib64mysql-devel-5.1.42-0.7mdv2010.0.x86_64.rpm
 5a9cbe4274e28221eca9778caea9da01  2010.0/x86_64/lib64mysql-static-devel-5.1.42-0.7mdv2010.0.x86_64.rpm
 5d25d85ca90c1d592a321d8908295e18  2010.0/x86_64/mysql-5.1.42-0.7mdv2010.0.x86_64.rpm
 4d85c9d31f9f6b2a4f1fe3e9188e955e  2010.0/x86_64/mysql-bench-5.1.42-0.7mdv2010.0.x86_64.rpm
 85008a9e4aaa9d84b6cc580076be288b  2010.0/x86_64/mysql-client-5.1.42-0.7mdv2010.0.x86_64.rpm
 ec632cf44e14b9a818e1d03d4805d8d1  2010.0/x86_64/mysql-common-5.1.42-0.7mdv2010.0.x86_64.rpm
 fce974f9ab2db341b742397afa8e52b7  2010.0/x86_64/mysql-common-core-5.1.42-0.7mdv2010.0.x86_64.rpm
 1176454c6198e4b50fef3d300b2b0aab  2010.0/x86_64/mysql-core-5.1.42-0.7mdv2010.0.x86_64.rpm
 b6e6183f956a34fecaf19a2f8b5324cf  2010.0/x86_64/mysql-doc-5.1.42-0.7mdv2010.0.x86_64.rpm
 a2cf3984b5b48f61c62a44df59f14d2c  2010.0/x86_64/mysql-max-5.1.42-0.7mdv2010.0.x86_64.rpm
 b4cb0843ff9a5879aa323dc444dbb228  2010.0/x86_64/mysql-ndb-extra-5.1.42-0.7mdv2010.0.x86_64.rpm
 5edf6b6eec7dd140cb4790b5012b595d  2010.0/x86_64/mysql-ndb-management-5.1.42-0.7mdv2010.0.x86_64.rpm
 44ec600db127c7e462d63e015d13c7e9  2010.0/x86_64/mysql-ndb-storage-5.1.42-0.7mdv2010.0.x86_64.rpm
 c118f59b5f889f59c632f2f0f5764328  2010.0/x86_64/mysql-ndb-tools-5.1.42-0.7mdv2010.0.x86_64.rpm 
 31a55292b75cd0a1bee02aac9197e37a  2010.0/SRPMS/mysql-5.1.42-0.7mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 1a416a9f547eb55c801607b06c921ca5  2010.1/i586/libmysql16-5.1.46-4.2mdv2010.1.i586.rpm
 3b6b4a9fc9fe3f74d9735c65a1028093  2010.1/i586/libmysql-devel-5.1.46-4.2mdv2010.1.i586.rpm
 7f4b1831bcb40a898353d5bfbdf15102  2010.1/i586/libmysql-static-devel-5.1.46-4.2mdv2010.1.i586.rpm
 4989c0961ba2fa1835e2cc4e1d46098d  2010.1/i586/mysql-5.1.46-4.2mdv2010.1.i586.rpm
 ceba6c601615e2c168650141174669e0  2010.1/i586/mysql-bench-5.1.46-4.2mdv2010.1.i586.rpm
 64f5ddbca162be792fbcd7a8510e023f  2010.1/i586/mysql-client-5.1.46-4.2mdv2010.1.i586.rpm
 77f17c48c08d62b743cd105cb7338dd9  2010.1/i586/mysql-common-5.1.46-4.2mdv2010.1.i586.rpm
 f799d22bab301e27c7b8cb4496d21059  2010.1/i586/mysql-common-core-5.1.46-4.2mdv2010.1.i586.rpm
 ffdd1a28cab7f77314672240dc865350  2010.1/i586/mysql-core-5.1.46-4.2mdv2010.1.i586.rpm
 aa43641577a99042aaf6c302ce590a4d  2010.1/i586/mysql-plugin_pbxt-1.0.10-13.2mdv2010.1.i586.rpm
 d3af045d2e548ba1372c4d9d879d88f4  2010.1/i586/mysql-plugin_pinba-0.0.5-13.2mdv2010.1.i586.rpm
 b5c9cf616998915d01158c9022ad8247  2010.1/i586/mysql-plugin_revision-0.1-13.2mdv2010.1.i586.rpm
 a3b017a221e607e4bfbeeea7039141b1  2010.1/i586/mysql-plugin_sphinx-0.9.9-13.2mdv2010.1.i586.rpm
 9c857a669e11a4b3ec2acb4e6369e63c  2010.1/i586/mysql-plugin_spider-2.13-13.2mdv2010.1.i586.rpm 
 417e7f324ab7815f037267822bf83778  2010.1/SRPMS/mysql-5.1.46-4.2mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 cbae583eea6535059521d261a9108372  2010.1/x86_64/lib64mysql16-5.1.46-4.2mdv2010.1.x86_64.rpm
 3c0a1bf40e3deabeebb0856767a7a812  2010.1/x86_64/lib64mysql-devel-5.1.46-4.2mdv2010.1.x86_64.rpm
 e291d41347025bca857a5f3ebd60ea91  2010.1/x86_64/lib64mysql-static-devel-5.1.46-4.2mdv2010.1.x86_64.rpm
 071bbbcbbd75c6cc6b08fc8595dfe132  2010.1/x86_64/mysql-5.1.46-4.2mdv2010.1.x86_64.rpm
 cdb12baea08bf52ef35170090014d35b  2010.1/x86_64/mysql-bench-5.1.46-4.2mdv2010.1.x86_64.rpm
 4f6bc67c5ad72eff5027356896f71a2c  2010.1/x86_64/mysql-client-5.1.46-4.2mdv2010.1.x86_64.rpm
 ade356e0ea897bc581f25f14679d69d7  2010.1/x86_64/mysql-common-5.1.46-4.2mdv2010.1.x86_64.rpm
 c46e894a38a8695fb0f4d6204ed28a7b  2010.1/x86_64/mysql-common-core-5.1.46-4.2mdv2010.1.x86_64.rpm
 2a72fbb0e0fd59ba01d1941ceee81dfe  2010.1/x86_64/mysql-core-5.1.46-4.2mdv2010.1.x86_64.rpm
 29eb971eeabdfb5109f57f16ce39ed45  2010.1/x86_64/mysql-plugin_pbxt-1.0.10-13.2mdv2010.1.x86_64.rpm
 dc2ccb2add4914ea8ba64c37c073ca7b  2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.2mdv2010.1.x86_64.rpm
 82772692710157652b521a4268afd765  2010.1/x86_64/mysql-plugin_revision-0.1-13.2mdv2010.1.x86_64.rpm
 81aeb8c301e26ea65b601a8790b366b7  2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.2mdv2010.1.x86_64.rpm
 7c160860370ed3d8a58a11d04a8f6b3a  2010.1/x86_64/mysql-plugin_spider-2.13-13.2mdv2010.1.x86_64.rpm 
 417e7f324ab7815f037267822bf83778  2010.1/SRPMS/mysql-5.1.46-4.2mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM2Wh/mqjQ0CJFipgRAtTIAJ9lirDBimKVrwC05++S0Sir7UNTfgCg2h+q
unT3pGfRKtxeBGVtgLWdeHA=
=3FOy
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ