LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

November 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA November 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: mysql on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 4 Nov 2010 13:23:07 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (97 lines)

Synopsis:	Moderate: mysql security update
Issue date:	2010-11-03
CVE Names:	CVE-2010-3677 CVE-2010-3680 CVE-2010-3681
                   CVE-2010-3682 CVE-2010-3833 CVE-2010-3835
                   CVE-2010-3836 CVE-2010-3837 CVE-2010-3838
                   CVE-2010-3839 CVE-2010-3840


It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a
stored procedure contained JOIN queries, and that procedure was executed
twice in sequence, it could cause an infinite loop, leading to excessive
CPU use (up to 100%). A remote, authenticated attacker could use this flaw
to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture
of numeric and longblob data types to the LEAST or GREATEST function. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing
both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated
attacker could use this flaw to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in
view prepare mode. A remote, authenticated attacker could possibly use 
this flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a 
value to a user-defined variable and that also contain a logical value
evaluation. A remote, authenticated attacker could use this flaw to 
crash mysqld. This issue only caused a temporary denial of service, as 
mysqld was automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of 
extreme-value functions, such as LEAST and GREATEST. A remote, 
authenticated attacker could use this flaw to crash mysqld. This issue 
only caused a temporary denial of service, as mysqld was automatically 
restarted after the crash. (CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some
complex SELECT queries. A remote, authenticated attacker could use this
flaw to crash mysqld. This issue only caused a temporary denial of 
service, as mysqld was automatically restarted after the crash. 
(CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated 
attacker could use this flaw to provide such requests, causing mysqld to 
crash. This issue only caused a temporary denial of service, as mysqld 
was automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE
statements that define NULL columns when using the InnoDB storage 
engine. A remote, authenticated attacker could use this flaw to crash 
mysqld. This issue only caused a temporary denial of service, as mysqld 
was automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the 
crash. (CVE-2010-3677)

After installing this update, the MySQL server daemon (mysqld) will be 
restarted automatically.

SL 5.x

     SRPMS:
mysql-5.0.77-4.el5_5.4.src.rpm
     i386:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-server-5.0.77-4.el5_5.4.i386.rpm
mysql-test-5.0.77-4.el5_5.4.i386.rpm
     x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
mysql-5.0.77-4.el5_5.4.x86_64.rpm
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV