Synopsis: Moderate: mysql security update Issue date: 2010-11-03 CVE Names: CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 It was found that the MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data. A remote, authenticated attacker could use specially-crafted WKB data to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3840) A flaw was found in the way MySQL processed certain JOIN queries. If a stored procedure contained JOIN queries, and that procedure was executed twice in sequence, it could cause an infinite loop, leading to excessive CPU use (up to 100%). A remote, authenticated attacker could use this flaw to cause a denial of service. (CVE-2010-3839) A flaw was found in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3838) A flaw was found in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3837) It was found that MySQL did not properly pre-evaluate LIKE arguments in view prepare mode. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3836) A flaw was found in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3835) A flaw was found in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3833) A flaw was found in the way MySQL processed EXPLAIN statements for some complex SELECT queries. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3682) A flaw was found in the way MySQL processed certain alternating READ requests provided by HANDLER statements. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3681) A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3680) A flaw was found in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column. A remote, authenticated attacker could use this flaw to crash mysqld. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash. (CVE-2010-3677) After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. SL 5.x SRPMS: mysql-5.0.77-4.el5_5.4.src.rpm i386: mysql-5.0.77-4.el5_5.4.i386.rpm mysql-bench-5.0.77-4.el5_5.4.i386.rpm mysql-devel-5.0.77-4.el5_5.4.i386.rpm mysql-server-5.0.77-4.el5_5.4.i386.rpm mysql-test-5.0.77-4.el5_5.4.i386.rpm x86_64: mysql-5.0.77-4.el5_5.4.i386.rpm mysql-5.0.77-4.el5_5.4.x86_64.rpm mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm mysql-devel-5.0.77-4.el5_5.4.i386.rpm mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm mysql-server-5.0.77-4.el5_5.4.x86_64.rpm mysql-test-5.0.77-4.el5_5.4.x86_64.rpm -Connie Sieh -Troy Dawson