Mandriva Linux Security Advisory 2010-155 - MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service. Additionally many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well.
a524f186d307832209245b071d7daa4a471c629263fcd6fbfbd50ae724e67063
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:155-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mysql
Date : November 8, 2010
Affected: 2009.1
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in mysql:
MySQL before 5.1.48 allows remote authenticated users with alter
database privileges to cause a denial of service (server crash
and database loss) via an ALTER DATABASE command with a #mysql50#
string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or
similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which
causes MySQL to move certain directories to the server data directory
(CVE-2010-2008).
Additionally many security issues noted in the 5.1.49 release notes
has been addressed with this advisory as well, such as:
* LOAD DATA INFILE did not check for SQL errors and sent an OK packet
even when errors were already reported. Also, an assert related to
client-server protocol checking in debug servers sometimes was raised
when it should not have been. (Bug#52512) (CVE-2010-3683)
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER
BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711)
(CVE-2010-3682)
* The server could crash if there were alternate reads from two indexes
on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681)
* A malformed argument to the BINLOG statement could result in Valgrind
warnings or a server crash. (Bug#54393) (CVE-2010-3679)
* Incorrect handling of NULL arguments could lead to a crash for IN()
or CASE operations when NULL arguments were either passed explicitly
as arguments (for IN()) or implicitly generated by the WITH ROLLUP
modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678)
* Joins involving a table with with a unique SET column could cause
a server crash. (Bug#54575) (CVE-2010-3677)
* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash. (Bug#54044) (CVE-2010-3680)
The updated packages have been patched to correct these issues.
Update:
Packages for 2009.1 was not provided with the MDVSA-2010:155
advisory. This advisory provides the missing packages.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680
http://bugs.mysql.com/bug.php?id=52512
http://bugs.mysql.com/bug.php?id=52711
http://bugs.mysql.com/bug.php?id=54007
http://bugs.mysql.com/bug.php?id=54393
http://bugs.mysql.com/bug.php?id=54477
http://bugs.mysql.com/bug.php?id=54575
http://bugs.mysql.com/bug.php?id=54044
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
adfd92c6e4de06c22f7066b3880c7256 2009.1/i586/libmysql16-5.1.42-0.6mdv2009.1.i586.rpm
5961a072e203925f3e85895e71c6d114 2009.1/i586/libmysql-devel-5.1.42-0.6mdv2009.1.i586.rpm
87b2fb4508b2574b9610549cffe5d641 2009.1/i586/libmysql-static-devel-5.1.42-0.6mdv2009.1.i586.rpm
0bb6bc8032660f9441595a897e5e37c2 2009.1/i586/mysql-5.1.42-0.6mdv2009.1.i586.rpm
aa383ed18610327d12846a66d6d8b5bd 2009.1/i586/mysql-bench-5.1.42-0.6mdv2009.1.i586.rpm
5abcaf797500228df411a10e9c1dd5a0 2009.1/i586/mysql-client-5.1.42-0.6mdv2009.1.i586.rpm
883b4e34ece270efb56c2eaa60a3a5f0 2009.1/i586/mysql-common-5.1.42-0.6mdv2009.1.i586.rpm
9fb48d28f8df4cb00aea4362837d2c3f 2009.1/i586/mysql-doc-5.1.42-0.6mdv2009.1.i586.rpm
67c086070030addfd770cc4d4c3db6bf 2009.1/i586/mysql-max-5.1.42-0.6mdv2009.1.i586.rpm
51e5a59f9aca3d05bbfb9a036f90ea54 2009.1/i586/mysql-ndb-extra-5.1.42-0.6mdv2009.1.i586.rpm
d3da22f20148d43a625f3715f1d02be7 2009.1/i586/mysql-ndb-management-5.1.42-0.6mdv2009.1.i586.rpm
a1d895e569730d42bed74d2b3b54ee0e 2009.1/i586/mysql-ndb-storage-5.1.42-0.6mdv2009.1.i586.rpm
9db83e6bd1b332ed2bcfa55c3d1cbf11 2009.1/i586/mysql-ndb-tools-5.1.42-0.6mdv2009.1.i586.rpm
39c0f1c0030455d78aa1f6c240e78f42 2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
81c56209ceffc1c4a8718beed142e0bd 2009.1/x86_64/lib64mysql16-5.1.42-0.6mdv2009.1.x86_64.rpm
fca597b87c3f7d5d5ca40f6c24afe2c3 2009.1/x86_64/lib64mysql-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
8287471cd70b341806f7e72a16222e68 2009.1/x86_64/lib64mysql-static-devel-5.1.42-0.6mdv2009.1.x86_64.rpm
5f4a264351859a08b259178c7fb6709e 2009.1/x86_64/mysql-5.1.42-0.6mdv2009.1.x86_64.rpm
d5fd6ed95e52ffa75055b2e23ea880e1 2009.1/x86_64/mysql-bench-5.1.42-0.6mdv2009.1.x86_64.rpm
2621cfecdf4b53bfe363d99a9225ca31 2009.1/x86_64/mysql-client-5.1.42-0.6mdv2009.1.x86_64.rpm
1960228ef94d993486ab73a58323cc3e 2009.1/x86_64/mysql-common-5.1.42-0.6mdv2009.1.x86_64.rpm
dd4821845d060dd6dac38217cc8cac66 2009.1/x86_64/mysql-doc-5.1.42-0.6mdv2009.1.x86_64.rpm
65432b5801c2ac0b4f2c536a816bc06d 2009.1/x86_64/mysql-max-5.1.42-0.6mdv2009.1.x86_64.rpm
3cf458db3d034e5998bccb70c006b71a 2009.1/x86_64/mysql-ndb-extra-5.1.42-0.6mdv2009.1.x86_64.rpm
dea28a0be7cfcd99d942ce22f7999308 2009.1/x86_64/mysql-ndb-management-5.1.42-0.6mdv2009.1.x86_64.rpm
45329f869ffee6b497ad73da0a81019f 2009.1/x86_64/mysql-ndb-storage-5.1.42-0.6mdv2009.1.x86_64.rpm
72e2f6029c889723d0f003ffdbf007d1 2009.1/x86_64/mysql-ndb-tools-5.1.42-0.6mdv2009.1.x86_64.rpm
39c0f1c0030455d78aa1f6c240e78f42 2009.1/SRPMS/mysql-5.1.42-0.6mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFM2AekmqjQ0CJFipgRAqwGAJ0dZsRuXRZ1OfiVCwbWUNj3i3zo4ACgwnsn
aN2rtXXq0VzlsNd0DLVdRvw=
=/o8P
-----END PGP SIGNATURE-----