MDVSA-2010:223 -- Mandriva mysqlID: oval:org.secpod.oval:def:300302 | Date: (C)2012-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered and corrected in mysql: * During evaluation of arguments to extreme-value functions , type errors did not propagate properly, causing the server to crash . * The server could crash after materializing a derived table that required a temporary table for grouping . * A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted . * Pre-evaluation of LIKE predicates during view preparation could cause a server crash . * GROUP_CONCAT and WITH ROLLUP together could cause a server crash . * Queries could cause a server crash if the GREATEST or LEAST function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table . * Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements . * The PolyFromWKB function could crash the server when improper WKB data was passed to the function . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.1 |