
Security Advisory Important: mysql security update

Advisory: RHSA-2010:0442-1
Type: Security Advisory
Severity: Important
Issued on: 2010-05-26
Last updated on: 2010-05-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-1626
CVE-2010-1848
CVE-2010-1850

Details

Updated mysql packages that fix three security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A buffer overflow flaw was found in the way MySQL handled the parameters of
the MySQL COM_FIELD_LIST network protocol command (this command is sent
when a client uses the MySQL mysql_list_fields() client library function).
An authenticated database user could send a request with an excessively
long table name to cause a temporary denial of service (mysqld crash) or,
potentially, execute arbitrary code with the privileges of the database
server. (CVE-2010-1850)

A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. An
authenticated database user could use this flaw to obtain descriptions of
the fields of an arbitrary table using a request with a specially-crafted
table name. (CVE-2010-1848)

A flaw was discovered in the way MySQL handled symbolic links to tables
created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE
TABLE statements. An attacker with CREATE and DROP table privileges, and
shell access to the database server, could use this flaw to remove data and
index files of tables created by other database users using the MyISAM
storage engine. (CVE-2010-1626)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
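
To confirm which hosts still need this update, the added example below (not part of the Red Hat advisory) compares installed package versions against the fixed build 5.0.77-4.el5_5.3 named in the package list. It assumes inventory lines produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`, no epoch, and a simplified RPM version comparison without `~` or `^` handling; the sample inventory is constructed.

```python
import re

# Fixed build, taken from the package file names in this advisory.
FIXED_EVR = "5.0.77-4.el5_5.3"
AFFECTED = {"mysql", "mysql-bench", "mysql-devel", "mysql-server", "mysql-test"}

def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM does; -1, 0 or 1.
    Simplified (assumption): no '~' or '^' handling."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory):
    """Return (name, evr, arch) for affected packages older than FIXED_EVR."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in AFFECTED:
            continue
        name, evr, arch = parts
        if evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((name, evr, arch))
    return hits

# Constructed sample inventory (versions other than FIXED_EVR are made up).
SAMPLE = """\
mysql 5.0.77-3.el5 i386
mysql-server 5.0.77-4.el5 x86_64
mysql-devel 5.0.77-4.el5_5.3 x86_64
mysql-test 5.0.77-4.el5_5.4 x86_64
httpd 2.2.3-43.el5 x86_64
"""

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {evr} predates {FIXED_EVR}: apply RHSA-2010:0442")
```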

Updated packages

File outdated by: RHSA-2013:0180 (applies to every file listed below)

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql-5.0.77-4.el5_5.3.src.rpm

IA-32:
mysql-bench-5.0.77-4.el5_5.3.i386.rpm
mysql-devel-5.0.77-4.el5_5.3.i386.rpm
mysql-server-5.0.77-4.el5_5.3.i386.rpm
mysql-test-5.0.77-4.el5_5.3.i386.rpm

x86_64:
mysql-bench-5.0.77-4.el5_5.3.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.3.i386.rpm
mysql-devel-5.0.77-4.el5_5.3.x86_64.rpm
mysql-server-5.0.77-4.el5_5.3.x86_64.rpm
mysql-test-5.0.77-4.el5_5.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql-5.0.77-4.el5_5.3.src.rpm

IA-32:
mysql-5.0.77-4.el5_5.3.i386.rpm
mysql-bench-5.0.77-4.el5_5.3.i386.rpm
mysql-devel-5.0.77-4.el5_5.3.i386.rpm
mysql-server-5.0.77-4.el5_5.3.i386.rpm
mysql-test-5.0.77-4.el5_5.3.i386.rpm

IA-64:
mysql-5.0.77-4.el5_5.3.i386.rpm
mysql-5.0.77-4.el5_5.3.ia64.rpm
mysql-bench-5.0.77-4.el5_5.3.ia64.rpm
mysql-devel-5.0.77-4.el5_5.3.ia64.rpm
mysql-server-5.0.77-4.el5_5.3.ia64.rpm
mysql-test-5.0.77-4.el5_5.3.ia64.rpm

PPC:
mysql-5.0.77-4.el5_5.3.ppc.rpm
mysql-5.0.77-4.el5_5.3.ppc64.rpm
mysql-bench-5.0.77-4.el5_5.3.ppc.rpm
mysql-devel-5.0.77-4.el5_5.3.ppc.rpm
mysql-devel-5.0.77-4.el5_5.3.ppc64.rpm
mysql-server-5.0.77-4.el5_5.3.ppc.rpm
mysql-server-5.0.77-4.el5_5.3.ppc64.rpm
mysql-test-5.0.77-4.el5_5.3.ppc.rpm

s390x:
mysql-5.0.77-4.el5_5.3.s390.rpm
mysql-5.0.77-4.el5_5.3.s390x.rpm
mysql-bench-5.0.77-4.el5_5.3.s390x.rpm
mysql-devel-5.0.77-4.el5_5.3.s390.rpm
mysql-devel-5.0.77-4.el5_5.3.s390x.rpm
mysql-server-5.0.77-4.el5_5.3.s390x.rpm
mysql-test-5.0.77-4.el5_5.3.s390x.rpm

x86_64:
mysql-5.0.77-4.el5_5.3.i386.rpm
mysql-5.0.77-4.el5_5.3.x86_64.rpm
mysql-bench-5.0.77-4.el5_5.3.x86_64.rpm
mysql-devel-5.0.77-4.el5_5.3.i386.rpm
mysql-devel-5.0.77-4.el5_5.3.x86_64.rpm
mysql-server-5.0.77-4.el5_5.3.x86_64.rpm
mysql-test-5.0.77-4.el5_5.3.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql-5.0.77-4.el5_5.3.src.rpm

IA-32:
mysql-5.0.77-4.el5_5.3.i386.rpm

x86_64:
mysql-5.0.77-4.el5_5.3.i386.rpm
mysql-5.0.77-4.el5_5.3.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

553648 - CVE-2010-1626 mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks
592079 - CVE-2010-1848 mysql: multiple insufficient table name checks
592091 - CVE-2010-1850 mysql: COM_FIELD_LIST table name buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/