Sender: |
|
Date: |
Thu, 4 Nov 2010 13:27:37 -0500 |
MIME-version: |
1.0 |
Reply-To: |
|
Content-type: |
text/plain; format=flowed; charset=ISO-8859-1 |
Subject: |
|
From: |
|
Content-transfer-encoding: |
7BIT |
Comments: |
|
Parts/Attachments: |
|
|
Synopsis: Moderate: mysql security update
Issue date: 2010-11-03
CVE Names: CVE-2010-1848 CVE-2010-3681 CVE-2010-3840
It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)
A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated
attacker could use this flaw to provide such requests, causing mysqld to
crash. This issue only caused a temporary denial of service, as mysqld
was automatically restarted after the crash. (CVE-2010-3681)
A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. A
remote, authenticated attacker could use this flaw to obtain
descriptions of the fields of an arbitrary table using a request with a
specially-crafted table name. (CVE-2010-1848)
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.
SL 4.x
SRPMS:
mysql-4.1.22-2.el4_8.4.src.rpm
i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm
x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|