MDVSA-2011:012 -- Mandriva mysql
ID: oval:org.secpod.oval:def:300385 | Date: (C)2012-01-07 (M)2021-09-11 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found and corrected in mysql:

storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service by modifying the innodb_file_format or innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column.

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service via IN or CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure.

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing alternate reads from two indexes on a table, which triggers an assertion failure.

MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service via a crafted request.

The updated packages have been upgraded to the latest stable 5.1 release to address these issues for both Mandriva Linux 2010.0 and 2010.2.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |