MDVSA-2010:155-1 -- Mandriva mysql

ID: oval:org.secpod.oval:def:300290
Date: (C)2012-01-07   (M)2023-12-07
Class: PATCH
Family: unix




Multiple vulnerabilities have been found and corrected in mysql:

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service via an ALTER DATABASE command with a #mysql50# string followed by a ., .., ../ or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Additionally, many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well, such as:

* LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been.
* Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY could cause a server crash.
* The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface.
* A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash.
* Incorrect handling of NULL arguments could lead to a crash for IN or CASE operations when NULL arguments were either passed explicitly as arguments or implicitly generated by the WITH ROLLUP modifier.
* Joins involving a table with a unique SET column could cause a server crash.
* Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash.

The updated packages have been patched to correct these issues.

Update: Packages for 2009.1 were not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages.

Platform:
Mandriva Linux 2009.1
Product:
mysql
Reference:
MDVSA-2010:155-1
CVE-2010-3680
CVE-2010-3677
CVE-2010-3678
CVE-2010-3679
CVE-2010-3681
CVE-2010-3682
CVE-2010-3683
CVE-2010-2008
CPE:
cpe:/o:mandriva:linux:2009.1

© SecPod Technologies