MDVSA-2010:222 -- Mandriva mysqlID: oval:org.secpod.oval:def:300129 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in mysql: * Joins involving a table with with a unique SET column could cause a server crash . * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash . * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface . * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY could cause a server crash . * During evaluation of arguments to extreme-value functions , type errors did not propagate properly, causing the server to crash . * The server could crash after materializing a derived table that required a temporary table for grouping . * A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted . * Pre-evaluation of LIKE predicates during view preparation could cause a server crash . * GROUP_CONCAT and WITH ROLLUP together could cause a server crash . * Queries could cause a server crash if the GREATEST or LEAST function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table . * Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements . * The PolyFromWKB function could crash the server when improper WKB data was passed to the function . Additionally the default behaviour of using the mysqlmanager instead of the mysqld_safe script has been reverted in the SysV init script because of instability issues with the mysqlmanager. Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2009.0 |