blob: a435dea91b46079d6192856e4f1ef175bbcd296c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in the MySQL database server.
The Common Vulnerabilities and Exposures project identifies the following
problems:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3677">CVE-2010-3677</a>
<p>It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) via a join query that uses a
table with a unique SET column.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3680">CVE-2010-3680</a>
<p>It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by creating temporary tables
while using InnoDB, which triggers an assertion failure.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3681">CVE-2010-3681</a>
<p>It was discovered that MySQL allows remote authenticated users to cause
a denial of service (mysqld daemon crash) by using the HANDLER interface
and performing "alternate reads from two indexes on a table," which
triggers an assertion failure.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3682">CVE-2010-3682</a>
<p>It was discovered that MySQL incorrectly handled use of EXPLAIN with
certain queries.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3833">CVE-2010-3833</a>
<p>It was discovered that MySQL incorrectly handled propagation during
evaluation of arguments to extreme-value functions.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3834">CVE-2010-3834</a>
<p>It was discovered that MySQL incorrectly handled materializing a derived
table that required a temporary table for grouping.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3835">CVE-2010-3835</a>
<p>It was discovered that MySQL incorrectly handled certain user-variable
assignment expressions that are evaluated in a logical expression context.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3836">CVE-2010-3836</a>
<p>It was discovered that MySQL incorrectly handled pre-evaluation of LIKE
predicates during view preparation.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3837">CVE-2010-3837</a>
<p>It was discovered that MySQL incorrectly handled using GROUP_CONCAT()
and WITH ROLLUP together.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3838">CVE-2010-3838</a>
<p>It was discovered that MySQL incorrectly handled certain queries using a
mixed list of numeric and LONGBLOB arguments to the GREATEST() or
LEAST() functions.
An authenticated user could crash the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2010-3840">CVE-2010-3840</a>
<p>It was discovered that MySQL incorrectly handled improper WKB data
passed to the PolyFromWKB() function.
An authenticated user could crash the server.</p></li>
</ul>
<p>For the stable distribution (lenny), these problems have been fixed
in version 5.0.51a-24+lenny5.</p>
<p>The testing (squeeze) and unstable (sid) distribution do not contain
mysql-dfsg-5.0 anymore.</p>
<p>We recommend that you upgrade your mysql-dfsg-5.0 packages.</p>
<p>Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="$(HOME)/security/">https://www.debian.org/security/</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2011/dsa-2143.data"
# $Id$
|