Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:155: mysql

Recommended Posts

Multiple vulnerabilities has been found and corrected in mysql:

 

MySQL before 5.1.48 allows remote authenticated users with alter

database privileges to cause a denial of service (server crash

and database loss) via an ALTER DATABASE command with a #mysql50#

string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or

similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which

causes MySQL to move certain directories to the server data directory

(CVE-2010-2008).

 

Additionally many security issues noted in the 5.1.49 release notes

has been addressed with this advisory as well, such as:

 

* LOAD DATA INFILE did not check for SQL errors and sent an OK packet

even when errors were already reported. Also, an assert related to

client-server protocol checking in debug servers sometimes was raised

when it should not have been. (Bug#52512)

 

* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY

(SELECT ... WHERE ...) could cause a server crash. (Bug#52711)

 

* The server could crash if there were alternate reads from two

indexes on a table using the HANDLER interface. (Bug#54007)

 

* A malformed argument to the BINLOG statement could result in Valgrind

warnings or a server crash. (Bug#54393)

 

* Incorrect handling of NULL arguments could lead to a crash for IN()

or CASE operations when NULL arguments were either passed explicitly

as arguments (for IN()) or implicitly generated by the WITH ROLLUP

modifier (for IN() and CASE). (Bug#54477)

 

* Joins involving a table with with a unique SET column could cause

a server crash. (Bug#54575)

 

* Use of TEMPORARY InnoDB tables with nullable columns could cause

a server crash. (Bug#54044)

 

The updated packages have been patched to correct these issues.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...