Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Sep 2010 18:06:44 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: "Steven M. Christey" <coley@...us.mitre.org>, Tom Lane <tgl@...hat.com>
Subject: Re: CVE Request -- MySQL v5.1.49 -- multiple DoS
 flaws


Sorry for the delay...

There are several issues of the same bug type, but based solely on the 
"Version" field in the associated MySQL bug IDs, it appears that each 
issue has a different set of affected (fixed?) versions.  So these all 
wind up being SPLIT from each other.

> 1, Security Fix: After changing the values of the innodb_file_format or
>                 innodb_file_per_table configuration parameters, DDL 
> statements
>                 could cause a server crash. (Bug#55039)
>   References:   http://bugs.mysql.com/bug.php?id=55039
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628660
>   Reason:       Assertion failure leading to server abort.


CVE-2010-3676


> 2, Security Fix: Joins involving a table with a unique SET column could cause
>                 a server crash. (Bug#54575)
>   References:   http://bugs.mysql.com/bug.php?id=54575
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628040
>   Reason:       NULL pointer dereference leading to (temporary) server DoS.


CVE-2010-3677


> 3, Security Fix: Incorrect handling of NULL arguments could lead to a crash
>                 for IN() or CASE operations when NULL arguments were either
>                 passed explicitly as arguments (for IN()) or implicitly
>                 generated by the WITH ROLLUP  modifier (for IN() and CASE).
>                 (Bug#54477)
>   References:   http://bugs.mysql.com/bug.php?id=54477
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628172
>   Reason:       NULL pointer dereference leading to (temporary) server DoS.


CVE-2010-3678


> 4, Security Fix: A malformed argument to the BINLOG statement could result
>                 in Valgrind warnings or a server crash. (Bug#54393)
>   References:   http://bugs.mysql.com/bug.php?id=54393
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628062
>   Reason:       Use of unassigned memory leading to (temporary) server DoS 
> (crash).


CVE-2010-3679


> 5, Security Fix: Use of TEMPORARY  InnoDB tables with nullable columns could 
> cause
>                 a server crash. (Bug#54044)
>   References:   http://bugs.mysql.com/bug.php?id=54044
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628192
>   Reason:       Assertion failure leading to server abort.


CVE-2010-3680


> 6, Security Fix: The server could crash if there were alternate reads from
>                 two indexes on a table using the HANDLER interface. 
> (Bug#54007)
>   References:   http://bugs.mysql.com/bug.php?id=54007
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628680
>   Reason:       Assertion failure leading to server abort.


CVE-2010-3681


> 7, Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION
>                 ... ORDER BY (SELECT ... WHERE ...) could cause a server
>                 crash. (Bug#52711)
>   References:   http://bugs.mysql.com/bug.php?id=52711
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628328
>   Reason:       NULL pointer dereference leading to (temporary) server DoS.


CVE-2010-3682


> 8, Security Fix: LOAD DATA INFILE did not check for SQL errors and sent an
>                 OK packet even when errors were already reported. Also, an
>                 assert related to client-server protocol checking in debug
>                 servers sometimes was raised when it should not have been.
>                 (Bug#52512)
>   References:   http://bugs.mysql.com/bug.php?id=52512
>                 https://bugzilla.redhat.com/show_bug.cgi?id=628698
>   Reason:       Assertion failure leading to server abort.


CVE-2010-3683


- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ