LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pardus alert 2010-122 (mysql-server)



From:
    	      Eren Turkay <eren@pardus.org.tr> 


To:
    	      pardus-security@pardus.org.tr 


Subject:
    	      [Pardus-security] [PLSA 2010-122] MySQL: Multiple Vulnerabilities 


Date:
    	      Mon,  6 Sep 2010 14:27:10 +0300 (EEST)


Message-ID:
    	      <20100906112710.9BC8FA7AB8A@lider.pardus.org.tr>


Archive-link:
    	      Article, Thread
              


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-122           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-09-06
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in MySQL. 


Description
===========

1) An error within the handling of DDL statements after having  changed 
the  "innodb_file_per_table" or   "innodb_file_format"   configuration  
parameters can be exploited to crash the server. 



2) An error when handling joins involving a unique "SET" column can  be 
exploited to crash the server. 



3) An error when handling NULL arguments passed  to  "IN()"  or  "CASE" 
operations can be exploited to crash the server. 



4) An error when processing certain malformed arguments passed  to  the 
"BINLOG" statement can be exploited to crash the server. 



5) An error when processing "TEMPORARY" InnoDB tables featuring nullable
columns can be exploited to crash the server. 



6) An error when performing alternating reads from two indexes on tables
using the "HANDLER" interface can be exploited to crash the server. 



7) An error when handling "EXPLAIN" statements on certain queries can be
exploited to crash the server. 



8) An error when handling "LOAD DATA INFILE" statements can lead to the 
return of an "OK" packet although errors have been encountered. 



Affected packages:

  Pardus 2009:
    mysql-server, all before 5.1.50-50-13


Resolution
==========

There are update(s) for mysql-server. You can update them  via  Package 
Manager or with a single command from console: 

    pisi up mysql-server

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=14193
  * http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds