Subject: | |
From: | |
Reply To: | |
Date: | Thu, 4 Nov 2010 13:27:37 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: mysql security update
Issue date: 2010-11-03
CVE Names: CVE-2010-1848 CVE-2010-3681 CVE-2010-3840
It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)
A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated
attacker could use this flaw to provide such requests, causing mysqld to
crash. This issue only caused a temporary denial of service, as mysqld
was automatically restarted after the crash. (CVE-2010-3681)
A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. A
remote, authenticated attacker could use this flaw to obtain
descriptions of the fields of an arbitrary table using a request with a
specially-crafted table name. (CVE-2010-1848)
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.
SL 4.x
SRPMS:
mysql-4.1.22-2.el4_8.4.src.rpm
i386:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-bench-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-server-4.1.22-2.el4_8.4.i386.rpm
x86_64:
mysql-4.1.22-2.el4_8.4.i386.rpm
mysql-4.1.22-2.el4_8.4.x86_64.rpm
mysql-bench-4.1.22-2.el4_8.4.x86_64.rpm
mysql-devel-4.1.22-2.el4_8.4.i386.rpm
mysql-devel-4.1.22-2.el4_8.4.x86_64.rpm
mysql-server-4.1.22-2.el4_8.4.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|