First published: Tue Jan 18 2011(Updated: )
MySQL is a multi-user, multi-threaded SQL database server. It consists of<br>the MySQL server daemon (mysqld) and many client programs and libraries.<br>The MySQL PolyFromWKB() function did not sanity check Well-Known Binary<br>(WKB) data, which could allow a remote, authenticated attacker to crash<br>mysqld. (CVE-2010-3840)<br>A flaw in the way MySQL processed certain JOIN queries could allow a<br>remote, authenticated attacker to cause excessive CPU use (up to 100%), if<br>a stored procedure contained JOIN queries, and that procedure was executed<br>twice in sequence. (CVE-2010-3839)<br>A flaw in the way MySQL processed queries that provide a mixture of numeric<br>and longblob data types to the LEAST or GREATEST function, could allow a<br>remote, authenticated attacker to crash mysqld. (CVE-2010-3838)<br>A flaw in the way MySQL processed PREPARE statements containing both<br>GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,<br>authenticated attacker to crash mysqld. (CVE-2010-3837)<br>MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,<br>possibly allowing a remote, authenticated attacker to crash mysqld.<br>(CVE-2010-3836)<br>A flaw in the way MySQL processed statements that assign a value to a<br>user-defined variable and that also contain a logical value evaluation<br>could allow a remote, authenticated attacker to crash mysqld.<br>(CVE-2010-3835)<br>A flaw in the way MySQL evaluated the arguments of extreme-value functions,<br>such as LEAST and GREATEST, could allow a remote, authenticated attacker to<br>crash mysqld. (CVE-2010-3833)<br>A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to<br>send OK packets even when there were errors. (CVE-2010-3683)<br>A flaw in the way MySQL processed EXPLAIN statements for some complex<br>SELECT queries could allow a remote, authenticated attacker to crash<br>mysqld. (CVE-2010-3682)<br>A flaw in the way MySQL processed certain alternating READ requests<br>provided by HANDLER statements could allow a remote, authenticated attacker<br>to crash mysqld. (CVE-2010-3681)<br>A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that<br>define NULL columns when using the InnoDB storage engine, could allow a<br>remote, authenticated attacker to crash mysqld. (CVE-2010-3680)<br>A flaw in the way MySQL processed certain values provided to the BINLOG<br>statement caused MySQL to read unassigned memory. A remote, authenticated<br>attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)<br>A flaw in the way MySQL processed SQL queries containing IN or CASE<br>statements, when a NULL argument was provided as one of the arguments to<br>the query, could allow a remote, authenticated attacker to crash mysqld.<br>(CVE-2010-3678)<br>A flaw in the way MySQL processed JOIN queries that attempt to retrieve<br>data from a unique SET column could allow a remote, authenticated attacker<br>to crash mysqld. (CVE-2010-3677)<br>Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,<br>CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,<br>and CVE-2010-3677 only cause a temporary denial of service, as mysqld was<br>automatically restarted after each crash.<br>These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL<br>release notes for a full list of changes:<br><a href="http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html" target="_blank">http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html</a> All MySQL users should upgrade to these updated packages, which correct<br>these issues. After installing this update, the MySQL server daemon<br>(mysqld) will be restarted automatically.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mysql | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-bench | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-debuginfo | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-debuginfo | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-devel | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-devel | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-embedded | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-embedded | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-embedded-devel | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-embedded-devel | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-libs | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-libs | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-server | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-test | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-bench | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-server | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
redhat/mysql-test | <5.1.52-1.el6_0.1 | 5.1.52-1.el6_0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.