| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2011:0164.
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
The MySQL PolyFromWKB() function did not sanity check Well-Known Binary
(WKB) data, which could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3840)
A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to 100%), if
a stored procedure contained JOIN queries, and that procedure was executed
twice in sequence. (CVE-2010-3839)
A flaw in the way MySQL processed queries that provide a mixture of numeric
and longblob data types to the LEAST or GREATEST function, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3838)
A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)
MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,
possibly allowing a remote, authenticated attacker to crash mysqld.
(CVE-2010-3836)
A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)
A flaw in the way MySQL evaluated the arguments of extreme-value functions,
such as LEAST and GREATEST, could allow a remote, authenticated attacker to
crash mysqld. (CVE-2010-3833)
A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to
send OK packets even when there were errors. (CVE-2010-3683)
A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)
A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3681)
A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that
define NULL columns when using the InnoDB storage engine, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3680)
A flaw in the way MySQL processed certain values provided to the BINLOG
statement caused MySQL to read unassigned memory. A remote, authenticated
attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)
A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments to
the query, could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3678)
A flaw in the way MySQL processed JOIN queries that attempt to retrieve
data from a unique SET column could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3677)
Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,
and CVE-2010-3677 only cause a temporary denial of service, as mysqld was
automatically restarted after each crash.
These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL
release notes for a full list of changes:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2011-0164.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
Risk factor : Medium
CVSS Score:
5.0
|
