Mandriva Linux Security Advisory : mysql (MDVSA-2010:223)

medium Nessus Plugin ID 50534

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities were discovered and corrected in mysql :

- During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash (CVE-2010-3833).

- The server could crash after materializing a derived table that required a temporary table for grouping (CVE-2010-3834).

- A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted (CVE-2010-3835).

- Pre-evaluation of LIKE predicates during view preparation could cause a server crash (CVE-2010-3836).

- GROUP_CONCAT() and WITH ROLLUP together could cause a server crash (CVE-2010-3837).

- Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table (CVE-2010-3838).

- Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements (CVE-2010-3839).

- The PolyFromWKB() function could crash the server when improper WKB data was passed to the function (CVE-2010-3840).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

See Also

https://bugs.mysql.com/bug.php?id=51875

https://bugs.mysql.com/bug.php?id=53544

https://bugs.mysql.com/bug.php?id=54461

https://bugs.mysql.com/bug.php?id=54476

https://bugs.mysql.com/bug.php?id=54568

https://bugs.mysql.com/bug.php?id=55564

https://bugs.mysql.com/bug.php?id=55568

https://bugs.mysql.com/bug.php?id=55826

Plugin Details

Severity: Medium

ID: 50534

File Name: mandriva_MDVSA-2010-223.nasl

Version: 1.15

Type: local

Published: 11/10/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64mysql-devel, p-cpe:/a:mandriva:linux:lib64mysql-static-devel, p-cpe:/a:mandriva:linux:lib64mysql16, p-cpe:/a:mandriva:linux:libmysql-devel, p-cpe:/a:mandriva:linux:libmysql-static-devel, p-cpe:/a:mandriva:linux:libmysql16, p-cpe:/a:mandriva:linux:mysql, p-cpe:/a:mandriva:linux:mysql-bench, p-cpe:/a:mandriva:linux:mysql-client, p-cpe:/a:mandriva:linux:mysql-common, p-cpe:/a:mandriva:linux:mysql-common-core, p-cpe:/a:mandriva:linux:mysql-core, p-cpe:/a:mandriva:linux:mysql-doc, p-cpe:/a:mandriva:linux:mysql-max, p-cpe:/a:mandriva:linux:mysql-ndb-extra, p-cpe:/a:mandriva:linux:mysql-ndb-management, p-cpe:/a:mandriva:linux:mysql-ndb-storage, p-cpe:/a:mandriva:linux:mysql-ndb-tools, p-cpe:/a:mandriva:linux:mysql-plugin_pbxt, p-cpe:/a:mandriva:linux:mysql-plugin_pinba, p-cpe:/a:mandriva:linux:mysql-plugin_revision, p-cpe:/a:mandriva:linux:mysql-plugin_sphinx, p-cpe:/a:mandriva:linux:mysql-plugin_spider, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2010

Reference Information

CVE: CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

BID: 43676

MDVSA: 2010:223