Skip to navigation

Security Advisory Moderate: mysql security update

Advisory: RHSA-2010:0825-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-11-03
Last updated on: 2010-11-03
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2010-3677
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3833
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840

Details

Updated mysql packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a
stored procedure contained JOIN queries, and that procedure was executed
twice in sequence, it could cause an infinite loop, leading to excessive
CPU use (up to 100%). A remote, authenticated attacker could use this flaw
to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture
of numeric and longblob data types to the LEAST or GREATEST function. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing
both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated
attacker could use this flaw to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in
view prepare mode. A remote, authenticated attacker could possibly use this
flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a value
to a user-defined variable and that also contain a logical value
evaluation. A remote, authenticated attacker could use this flaw to crash
mysqld. This issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some
complex SELECT queries. A remote, authenticated attacker could use this
flaw to crash mysqld. This issue only caused a temporary denial of service,
as mysqld was automatically restarted after the crash. (CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated attacker
could use this flaw to provide such requests, causing mysqld to crash. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE
statements that define NULL columns when using the InnoDB storage engine. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3677)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql-5.0.77-4.el5_5.4.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: eb82e586570d7decef8da1739f00e3dd
SHA-256: 85c8e13977ffef369bbe9071cee059a56894e1980a041ef37b1c1aef7be3cd75
 
IA-32:
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 74435eda1e65fbafc0d81b67b85447dd
SHA-256: bcaced470a9bbb8ddbb6cbd3372e0be5826d8f34cc63c7b88c56a5db8e893e05
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: e48c1ae564fa12740df049d6fddb90c7
SHA-256: e204ce8e45b12e7190ba20861477819344489ed9aa8bf38b34b67102c3e2354e
mysql-server-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0fae7ff6e1863dcb5cd9661a99a4aab8
SHA-256: dd00b6479b10ad5129217664f4e27c59103cf4a380cdc2a3799a8ba9d343702f
mysql-test-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 917b371c895eacbb8596c8210c2ce244
SHA-256: a686a87a9f33e1f31ef7cc4957d226cef2e961077e9ac9663b8f98196de0b2ae
 
x86_64:
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 12b2edba9b87b13ce785c3f986fe1f06
SHA-256: 6d563b980ad150e809522d24200b57f73f5c8c2b502398efe63a9da628ce3d0c
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: e48c1ae564fa12740df049d6fddb90c7
SHA-256: e204ce8e45b12e7190ba20861477819344489ed9aa8bf38b34b67102c3e2354e
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: c0ff86f7ee81c3339412d263c3f81a37
SHA-256: 2b0b7b65ec7195cd95a3f981027528ac87644b1d4d8c96107c301ae5f6d30004
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7f852a910a2fd31ed8b6f552cd447c87
SHA-256: 67fdd0e23dccf840787617219b65e9d6be0099219aa5b3683d7c72aa3d94d34e
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: be73a66e23ac0d5abf5c51172d570899
SHA-256: e9ba117acdfd2d71bfa7d7f9eb5696bc5f05c50498d4191f11d97b0a0a2f2f5b
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql-5.0.77-4.el5_5.4.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: eb82e586570d7decef8da1739f00e3dd
SHA-256: 85c8e13977ffef369bbe9071cee059a56894e1980a041ef37b1c1aef7be3cd75
 
IA-32:
mysql-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6293137a428ebbc1c22201170d849a20
SHA-256: b949ca401cef4951102da8287bee61ec0f4e4d7b6231b88c3ba706fbef0397d6
mysql-bench-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 74435eda1e65fbafc0d81b67b85447dd
SHA-256: bcaced470a9bbb8ddbb6cbd3372e0be5826d8f34cc63c7b88c56a5db8e893e05
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: e48c1ae564fa12740df049d6fddb90c7
SHA-256: e204ce8e45b12e7190ba20861477819344489ed9aa8bf38b34b67102c3e2354e
mysql-server-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0fae7ff6e1863dcb5cd9661a99a4aab8
SHA-256: dd00b6479b10ad5129217664f4e27c59103cf4a380cdc2a3799a8ba9d343702f
mysql-test-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 917b371c895eacbb8596c8210c2ce244
SHA-256: a686a87a9f33e1f31ef7cc4957d226cef2e961077e9ac9663b8f98196de0b2ae
 
IA-64:
mysql-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6293137a428ebbc1c22201170d849a20
SHA-256: b949ca401cef4951102da8287bee61ec0f4e4d7b6231b88c3ba706fbef0397d6
mysql-5.0.77-4.el5_5.4.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 78f829fa99894083458efe0666b49928
SHA-256: 7f9447c625f275ba46af21aa484f80b8687ebf25fa0c924142edf149396fa8d6
mysql-bench-5.0.77-4.el5_5.4.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0cf4ab740e7d4fc9aa2fcdbb0d46553f
SHA-256: ba62b04fd9beedade5870d006025fa245bbebcfdb368d31d80e04c5347645cec
mysql-devel-5.0.77-4.el5_5.4.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: d23c39740f8d47617c0083a8f36be821
SHA-256: 460d3e9d142a7e0ca9051f1e1ab505dff210a98b638435796ed19544fc78bb62
mysql-server-5.0.77-4.el5_5.4.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 171a242dc79f229767d805ab7ab3b234
SHA-256: f498b2119549e03933f80a6ad49ce42101947e6e0ced015fe316640e73f7376f
mysql-test-5.0.77-4.el5_5.4.ia64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 8ae2a03719cafe72e68b5c74e729b9ef
SHA-256: adc8990e70b662203ec6211f36f623d94896f57399231f783e4156a377fdc4d1
 
PPC:
mysql-5.0.77-4.el5_5.4.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: edd8e84148cb02e16fadab38971d99a1
SHA-256: ebdc5b0d2bbb98000b32f69c079492d73c882fc7f2cb3c05cebfb0394121b13b
mysql-5.0.77-4.el5_5.4.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: cdfb802296daca31a57e8d2c2ce9df5c
SHA-256: 18d7c311703e440de4eb54ecd37644451c5703428b029e30875788642a7523dd
mysql-bench-5.0.77-4.el5_5.4.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 2889907610d3ab9bf86dd19892f9b3af
SHA-256: f48af448a6ea2b54ca6dd5260ee5c0e124f53cf6eafc80efb7b7d33769df79ab
mysql-devel-5.0.77-4.el5_5.4.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: 5dde57141e2c0b9f7160d4cb3faf2a36
SHA-256: c5047f9caa84adfd901bed442d280a6361a91cb5b7162a823eebed2a4e73e555
mysql-devel-5.0.77-4.el5_5.4.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: e6b269f9d3831906b89f1e171f638584
SHA-256: bb403f4bbbdfdb816efb3f5d01ff9475af7217e3dc96e666edf72e85c9ff4dd7
mysql-server-5.0.77-4.el5_5.4.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: ced13967f701666755a3c9fcbcfc5e34
SHA-256: 06dde1ab006cc4961b145b7820a6367e4540d187f46f53be3e8b91660e1b8690
mysql-server-5.0.77-4.el5_5.4.ppc64.rpm
File outdated by:  RHSA-2013:0180
    MD5: ae4f5438421acf341e5cbd91d33d3183
SHA-256: d179c58c8cccd10981a98642319c8ac9ef306360f355de5cc851c0384e7be956
mysql-test-5.0.77-4.el5_5.4.ppc.rpm
File outdated by:  RHSA-2013:0180
    MD5: ef19b5b71fbe8722ecfdd73fedc849fc
SHA-256: 5fdf00017e3803f279f75b6f56427f6472e51f11b6209a54194ff64d253ac09b
 
s390x:
mysql-5.0.77-4.el5_5.4.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: 2ee38f47fce968dcda196efcb12a825b
SHA-256: 1eeab151ce7478d1097c2b32138f586716457120482db159e92435f9bcf3c061
mysql-5.0.77-4.el5_5.4.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 2a82df74bf382e5906ed598210118b74
SHA-256: 2b4dde8775e4be07b26cb5ccdbf5ab92daa3fd9477e66533f600b3a4c6dfa3c5
mysql-bench-5.0.77-4.el5_5.4.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 08bee2ad52dda3d55236d010d3e8e0f2
SHA-256: 9f78be722f49e9d77f5638da579a1e4504ca0e98355c1b000fca6f0e4a79bffb
mysql-devel-5.0.77-4.el5_5.4.s390.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7776edc9625be07c5c53441bbdecdb30
SHA-256: 8c0e0eca91ecf4a8ae2b6c332df67facbd1b99a3fc86c6f970634219e525974d
mysql-devel-5.0.77-4.el5_5.4.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 3c61332d77cef46301c14f6010abd55c
SHA-256: fc1a31ba5b9e8a3e06bbc36d803521578e902a8f3a5a6be592e4556961acf9ea
mysql-server-5.0.77-4.el5_5.4.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 469287a3fa91527812d2f0d18435dc6b
SHA-256: afcb6b20afa53706f04f2820e8bb973ef05fcfc10dba470758e0a8fd68c18562
mysql-test-5.0.77-4.el5_5.4.s390x.rpm
File outdated by:  RHSA-2013:0180
    MD5: 0e711ac864b601dcc485e46359f53ffe
SHA-256: 07ca0bd13e2e6a5f87342196b0d7ec2d415b5ab0a17a86bbe2038baca985edc5
 
x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6293137a428ebbc1c22201170d849a20
SHA-256: b949ca401cef4951102da8287bee61ec0f4e4d7b6231b88c3ba706fbef0397d6
mysql-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6b62a5f0959a1d6091a5fff8ed8a42d4
SHA-256: 74d8de8ac61368bfff549203ea1157c202a480cab7eaccb693bba25c35ed8417
mysql-bench-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 12b2edba9b87b13ce785c3f986fe1f06
SHA-256: 6d563b980ad150e809522d24200b57f73f5c8c2b502398efe63a9da628ce3d0c
mysql-devel-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: e48c1ae564fa12740df049d6fddb90c7
SHA-256: e204ce8e45b12e7190ba20861477819344489ed9aa8bf38b34b67102c3e2354e
mysql-devel-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: c0ff86f7ee81c3339412d263c3f81a37
SHA-256: 2b0b7b65ec7195cd95a3f981027528ac87644b1d4d8c96107c301ae5f6d30004
mysql-server-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 7f852a910a2fd31ed8b6f552cd447c87
SHA-256: 67fdd0e23dccf840787617219b65e9d6be0099219aa5b3683d7c72aa3d94d34e
mysql-test-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: be73a66e23ac0d5abf5c51172d570899
SHA-256: e9ba117acdfd2d71bfa7d7f9eb5696bc5f05c50498d4191f11d97b0a0a2f2f5b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql-5.0.77-4.el5_5.4.src.rpm
File outdated by:  RHSA-2013:0180
    MD5: eb82e586570d7decef8da1739f00e3dd
SHA-256: 85c8e13977ffef369bbe9071cee059a56894e1980a041ef37b1c1aef7be3cd75
 
IA-32:
mysql-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6293137a428ebbc1c22201170d849a20
SHA-256: b949ca401cef4951102da8287bee61ec0f4e4d7b6231b88c3ba706fbef0397d6
 
x86_64:
mysql-5.0.77-4.el5_5.4.i386.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6293137a428ebbc1c22201170d849a20
SHA-256: b949ca401cef4951102da8287bee61ec0f4e4d7b6231b88c3ba706fbef0397d6
mysql-5.0.77-4.el5_5.4.x86_64.rpm
File outdated by:  RHSA-2013:0180
    MD5: 6b62a5f0959a1d6091a5fff8ed8a42d4
SHA-256: 74d8de8ac61368bfff549203ea1157c202a480cab7eaccb693bba25c35ed8417
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044)
628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711)
628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007)
640751 - CVE-2010-3833 MySQL: CREATE TABLE ... SELECT causes crash when KILL_BAD_DATA is returned (MySQL Bug#55826)
640819 - CVE-2010-3835 MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)
640845 - CVE-2010-3836 MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)
640856 - CVE-2010-3837 MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
640858 - CVE-2010-3838 MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
640861 - CVE-2010-3839 MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
640865 - CVE-2010-3840 MySQL: crash when loading data into geometry function PolyFromWKB() (MySQL Bug#51875)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/