ID de Prueba:	1.3.6.1.4.1.25623.1.0.68322
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:223 (mysql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mysql announced via advisory MDVSA-2010:223. Multiple vulnerabilities were discovered and corrected in mysql: * During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833). * The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834). * A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835). * Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836). * GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837). * Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838). * Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839). * The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840). The updated packages have been patched to correct these issues. Affected: 2009.1, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:223 http://bugs.mysql.com/bug.php?id=55826 http://bugs.mysql.com/bug.php?id=55568 http://bugs.mysql.com/bug.php?id=55564 http://bugs.mysql.com/bug.php?id=54568 http://bugs.mysql.com/bug.php?id=54476 http://bugs.mysql.com/bug.php?id=54461 http://bugs.mysql.com/bug.php?id=53544 http://bugs.mysql.com/bug.php?id=51875 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3833 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 43676 http://www.securityfocus.com/bid/43676 Debian Security Information: DSA-2143 (Google Search) http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 http://bugs.mysql.com/bug.php?id=55826 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 TurboLinux Advisory: TLSA-2011-3 http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt http://www.ubuntu.com/usn/USN-1017-1 http://www.ubuntu.com/usn/USN-1397-1 http://www.vupen.com/english/advisories/2011/0105 http://www.vupen.com/english/advisories/2011/0170 http://www.vupen.com/english/advisories/2011/0345 XForce ISS Database: mysql-extremevalue-dos(64845) https://exchange.xforce.ibmcloud.com/vulnerabilities/64845 Common Vulnerability Exposure (CVE) ID: CVE-2010-3834 http://bugs.mysql.com/bug.php?id=55568 XForce ISS Database: mysql-derived-table-dos(64844) https://exchange.xforce.ibmcloud.com/vulnerabilities/64844 Common Vulnerability Exposure (CVE) ID: CVE-2010-3835 http://bugs.mysql.com/bug.php?id=55564 XForce ISS Database: mysql-uservariable-dos(64843) https://exchange.xforce.ibmcloud.com/vulnerabilities/64843 Common Vulnerability Exposure (CVE) ID: CVE-2010-3836 XForce ISS Database: mysql-view-preparation-dos(64842) https://exchange.xforce.ibmcloud.com/vulnerabilities/64842 Common Vulnerability Exposure (CVE) ID: CVE-2010-3837 XForce ISS Database: mysql-prepared-statement-dos(64841) https://exchange.xforce.ibmcloud.com/vulnerabilities/64841 Common Vulnerability Exposure (CVE) ID: CVE-2010-3838 http://bugs.mysql.com/bug.php?id=54461 XForce ISS Database: mysql-longblob-dos(64840) https://exchange.xforce.ibmcloud.com/vulnerabilities/64840 Common Vulnerability Exposure (CVE) ID: CVE-2010-3839 XForce ISS Database: mysql-invocations-dos(64839) https://exchange.xforce.ibmcloud.com/vulnerabilities/64839 Common Vulnerability Exposure (CVE) ID: CVE-2010-3840 http://lists.mysql.com/commits/117094 http://www.redhat.com/support/errata/RHSA-2010-0824.html XForce ISS Database: mysql-gislinestringinitfromwkb-dos(64838) https://exchange.xforce.ibmcloud.com/vulnerabilities/64838
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.