-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:012 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mysql Date : January 17, 2011 Affected: 2010.0, 2010.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in mysql: storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement (CVE-2010-3676). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column (CVE-2010-3677). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier (CVE-2010-3678). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind (CVE-2010-3679). MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure (CVE-2010-3680). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing alternate reads from two indexes on a table, which triggers an assertion failure (CVE-2010-3681). MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY \(SELECT ... WHERE ...\)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function (CVE-2010-3682). MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request (CVE-2010-3683). The updated packages have been upgraded to the latest (last) stable 5.1 release (5.1.54) to address these issues for both Mandriva Linux 2010.0 and 2010.2. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3677 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3680 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3681 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3683 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html http://www.mysql.com/support/eol-notice.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 686ff6ab1037be9055b963c0da868c5a 2010.0/i586/libmysql16-5.1.54-0.1mdv2010.0.i586.rpm d21f5354b7a1137331b72ac8c01b65d1 2010.0/i586/libmysql-devel-5.1.54-0.1mdv2010.0.i586.rpm 7380f13c75cd45dc7a4cab7500e76a7d 2010.0/i586/libmysql-static-devel-5.1.54-0.1mdv2010.0.i586.rpm fff29fa545c7e13c9dc73562f1a791b7 2010.0/i586/mysql-5.1.54-0.1mdv2010.0.i586.rpm 3297cd90c967f1f962dfc7fea86aac8e 2010.0/i586/mysql-bench-5.1.54-0.1mdv2010.0.i586.rpm 5ad1ecb0d6c1c23bb942463c94a85d47 2010.0/i586/mysql-client-5.1.54-0.1mdv2010.0.i586.rpm b31d77434db4049124c0ec0b6a2bcc7d 2010.0/i586/mysql-common-5.1.54-0.1mdv2010.0.i586.rpm 619b1912a74fd2afa25cd3da86e72d04 2010.0/i586/mysql-common-core-5.1.54-0.1mdv2010.0.i586.rpm d93e4ed4822e6129cb49a3b1ea571c85 2010.0/i586/mysql-core-5.1.54-0.1mdv2010.0.i586.rpm f57f82b2bf007b41084ae40fb8efe4b4 2010.0/i586/mysql-doc-5.1.54-0.1mdv2010.0.i586.rpm 2cf147d708c9389e9c7fd1333ae4ec59 2010.0/i586/mysql-max-5.1.54-0.1mdv2010.0.i586.rpm f943f6be18cc94174ebcff0b38912235 2010.0/i586/mysql-ndb-extra-5.1.54-0.1mdv2010.0.i586.rpm a5046d568ef2784e9dab8fdfb0844e5b 2010.0/i586/mysql-ndb-management-5.1.54-0.1mdv2010.0.i586.rpm 2ca5966b89add7a0c1fd45d24ea46e68 2010.0/i586/mysql-ndb-storage-5.1.54-0.1mdv2010.0.i586.rpm 6ce6e0ce63deba613978b9e1f250dbda 2010.0/i586/mysql-ndb-tools-5.1.54-0.1mdv2010.0.i586.rpm 5324dc97841f5cec84a6616480754af5 2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: c3447fdfd64da373d4953ec3b661c1c9 2010.0/x86_64/lib64mysql16-5.1.54-0.1mdv2010.0.x86_64.rpm 30d5d8de87063a13bbfb8378b3bb6fb9 2010.0/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.0.x86_64.rpm 412bd3ffd06d513efea926d92943d784 2010.0/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.0.x86_64.rpm 38d7840bcf97600cce12b29c83cd40e0 2010.0/x86_64/mysql-5.1.54-0.1mdv2010.0.x86_64.rpm 47f562cbfbf5cb23ccaec63e264a8c8f 2010.0/x86_64/mysql-bench-5.1.54-0.1mdv2010.0.x86_64.rpm 80d9559b2a6c8fc4f2579d3413ff8b0c 2010.0/x86_64/mysql-client-5.1.54-0.1mdv2010.0.x86_64.rpm a7e714560f74258e7a9f1e6774759ef2 2010.0/x86_64/mysql-common-5.1.54-0.1mdv2010.0.x86_64.rpm a4a5d91865a4c86f252993ec8030a8cf 2010.0/x86_64/mysql-common-core-5.1.54-0.1mdv2010.0.x86_64.rpm 271b2e32d1143923fec7add90fb56b0f 2010.0/x86_64/mysql-core-5.1.54-0.1mdv2010.0.x86_64.rpm 04430eca656a618b4e509f9fbe7a3848 2010.0/x86_64/mysql-doc-5.1.54-0.1mdv2010.0.x86_64.rpm 8d8679eb10880e3ecd683be974a7289f 2010.0/x86_64/mysql-max-5.1.54-0.1mdv2010.0.x86_64.rpm a1254ba2abc8ac1686f29236f6f59b2e 2010.0/x86_64/mysql-ndb-extra-5.1.54-0.1mdv2010.0.x86_64.rpm 8c80ba5223247605844b19a8a5ec6cc4 2010.0/x86_64/mysql-ndb-management-5.1.54-0.1mdv2010.0.x86_64.rpm 8b212ceeb5ff305da7c9cbfcc3eb3bde 2010.0/x86_64/mysql-ndb-storage-5.1.54-0.1mdv2010.0.x86_64.rpm 90761e3010c02fabe981c94b062240b1 2010.0/x86_64/mysql-ndb-tools-5.1.54-0.1mdv2010.0.x86_64.rpm 5324dc97841f5cec84a6616480754af5 2010.0/SRPMS/mysql-5.1.54-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: a730b66d0f60a3ae797cfd1508573e14 2010.1/i586/libmysql16-5.1.54-0.1mdv2010.2.i586.rpm 4db227ee520cc8fa2756cca5102c136f 2010.1/i586/libmysql-devel-5.1.54-0.1mdv2010.2.i586.rpm 4fa187bf89c62a0b88b2614ccefd9b14 2010.1/i586/libmysql-static-devel-5.1.54-0.1mdv2010.2.i586.rpm 5755eb749663381170e8776e8bc5a6ab 2010.1/i586/mysql-5.1.54-0.1mdv2010.2.i586.rpm 54f5b5ca8145c1b3427a99374b3d7966 2010.1/i586/mysql-bench-5.1.54-0.1mdv2010.2.i586.rpm ca7475819312d72b58c8e80605f3a9d0 2010.1/i586/mysql-client-5.1.54-0.1mdv2010.2.i586.rpm 77bf12591d85ce2a20ff01f60143ec2e 2010.1/i586/mysql-common-5.1.54-0.1mdv2010.2.i586.rpm d84835654b3c7ea383eb7522c0b42168 2010.1/i586/mysql-common-core-5.1.54-0.1mdv2010.2.i586.rpm a99914d27081cd012d8d84c931bb9f8b 2010.1/i586/mysql-core-5.1.54-0.1mdv2010.2.i586.rpm f60c297e866c86b5380a239f7ac4ecda 2010.1/i586/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.i586.rpm f8358bb5e71e3a7aa16ba21b494bb0d7 2010.1/i586/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.i586.rpm acbe66b8e8e3f908293df4245c17b2fd 2010.1/i586/mysql-plugin_revision-0.1-13.1mdv2010.2.i586.rpm 48af02184d67efb8102b1cc95e05a04a 2010.1/i586/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.i586.rpm c759186cfea5fc30e40cb3c478db040b 2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 85ac66bedb992414bac140032eb47ed1 2010.1/x86_64/lib64mysql16-5.1.54-0.1mdv2010.2.x86_64.rpm e85bd21971ca794e95bb9f541a3511cc 2010.1/x86_64/lib64mysql-devel-5.1.54-0.1mdv2010.2.x86_64.rpm b1c5ce8655927dd256fcd41c1bbdf0fc 2010.1/x86_64/lib64mysql-static-devel-5.1.54-0.1mdv2010.2.x86_64.rpm 5784ccf8aa36e5000edc04150beee1cf 2010.1/x86_64/mysql-5.1.54-0.1mdv2010.2.x86_64.rpm 54ab31208fc60287f6b8fca8ede588e3 2010.1/x86_64/mysql-bench-5.1.54-0.1mdv2010.2.x86_64.rpm 92c29d677050756b9eb98cab809716cb 2010.1/x86_64/mysql-client-5.1.54-0.1mdv2010.2.x86_64.rpm 02219be1589f879e7c3a270bcf1764c9 2010.1/x86_64/mysql-common-5.1.54-0.1mdv2010.2.x86_64.rpm 331dda5c7e2495db7a7422ebc4d3766c 2010.1/x86_64/mysql-common-core-5.1.54-0.1mdv2010.2.x86_64.rpm 0fb4c6c0206dd361b485343a63f38597 2010.1/x86_64/mysql-core-5.1.54-0.1mdv2010.2.x86_64.rpm 55e606e6edd8e79e878d5da3dd4161c0 2010.1/x86_64/mysql-plugin_pbxt-1.0.11-13.1mdv2010.2.x86_64.rpm 710964319335515700860f6ac3a856e1 2010.1/x86_64/mysql-plugin_pinba-0.0.5-13.1mdv2010.2.x86_64.rpm 3aad9d71ce8730d504ede7eb465584b8 2010.1/x86_64/mysql-plugin_revision-0.1-13.1mdv2010.2.x86_64.rpm 89803a2b93fefa5630b5442750e08d87 2010.1/x86_64/mysql-plugin_sphinx-0.9.9-13.1mdv2010.2.x86_64.rpm c759186cfea5fc30e40cb3c478db040b 2010.1/SRPMS/mysql-5.1.54-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNNHO+mqjQ0CJFipgRAm6EAKDG2iqE1+/8+QNft7mDIH4UbSCXPwCg6TIL 1CH1mHh9jS/cq2pmqKpMTNw= =8MY+ -----END PGP SIGNATURE-----