Advisories MDVSA-2010:223: mysql


paul

Multiple vulnerabilities were discovered and corrected in mysql:

* During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833).

* The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834).

* A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835).

* Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836).

* GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837).

* Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838).

* Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839).

* The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840).

The updated packages have been patched to correct these issues.
