Synopsis: Moderate: mysql security update Issue date: 2011-01-18 CVE Names: CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 The MySQL PolyFromWKB() function did not sanity check Well-Known Binary (WKB) data, which could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3840) A flaw in the way MySQL processed certain JOIN queries could allow a remote, authenticated attacker to cause excessive CPU use (up to 100%), if a stored procedure contained JOIN queries, and that procedure was executed twice in sequence. (CVE-2010-3839) A flaw in the way MySQL processed queries that provide a mixture of numeric and longblob data types to the LEAST or GREATEST function, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3838) A flaw in the way MySQL processed PREPARE statements containing both GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3837) MySQL did not properly pre-evaluate LIKE arguments in view prepare mode, possibly allowing a remote, authenticated attacker to crash mysqld. (CVE-2010-3836) A flaw in the way MySQL processed statements that assign a value to a user-defined variable and that also contain a logical value evaluation could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3835) A flaw in the way MySQL evaluated the arguments of extreme-value functions, such as LEAST and GREATEST, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3833) A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to send OK packets even when there were errors. (CVE-2010-3683) A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3682) A flaw in the way MySQL processed certain alternating READ requests provided by HANDLER statements could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3681) A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3680) A flaw in the way MySQL processed certain values provided to the BINLOG statement caused MySQL to read unassigned memory. A remote, authenticated attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679) A flaw in the way MySQL processed SQL queries containing IN or CASE statements, when a NULL argument was provided as one of the arguments to the query, could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3678) A flaw in the way MySQL processed JOIN queries that attempt to retrieve data from a unique SET column could allow a remote, authenticated attacker to crash mysqld. (CVE-2010-3677) Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835, CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678, and CVE-2010-3677 only cause a temporary denial of service, as mysqld was automatically restarted after each crash. These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. SL 6.x SRPMS: mysql-5.1.52-1.el6_0.1.src.rpm i386: mysql-5.1.52-1.el6_0.1.i686.rpm mysql-bench-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-server-5.1.52-1.el6_0.1.i686.rpm mysql-test-5.1.52-1.el6_0.1.i686.rpm x86_64: mysql-5.1.52-1.el6_0.1.x86_64.rpm mysql-bench-5.1.52-1.el6_0.1.x86_64.rpm mysql-devel-5.1.52-1.el6_0.1.i686.rpm mysql-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-5.1.52-1.el6_0.1.x86_64.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.i686.rpm mysql-embedded-devel-5.1.52-1.el6_0.1.x86_64.rpm mysql-libs-5.1.52-1.el6_0.1.i686.rpm mysql-libs-5.1.52-1.el6_0.1.x86_64.rpm mysql-server-5.1.52-1.el6_0.1.x86_64.rpm mysql-test-5.1.52-1.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson