SB2011011105 - Multiple vulnerabilities in Google, mysql
Published: January 11, 2011 Updated: August 11, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2010-3676)
The vulnerability allows a remote authenticated user to cause a denial of service.
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
2) Resource management error (CVE-ID: CVE-2010-3678)
The vulnerability allows a remote authenticated user to cause a denial of service.
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
3) Resource management error (CVE-ID: CVE-2010-3679)
The vulnerability allows a remote authenticated user to cause a denial of service.
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
4) Input validation error (CVE-ID: CVE-2010-3680)
The vulnerability allows a remote authenticated user to cause a denial of service.
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Remediation
Install the update from the vendor's website. All four issues affect Oracle MySQL 5.1 releases before 5.1.49.
References
- http://bugs.mysql.com/bug.php?id=55039
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:012
- http://www.openwall.com/lists/oss-security/2010/09/28/10
- http://www.securityfocus.com/bid/42643
- http://www.vupen.com/english/advisories/2011/0133
- https://bugzilla.redhat.com/show_bug.cgi?id=628660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64689
- http://bugs.mysql.com/bug.php?id=54477
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://secunia.com/advisories/42936
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:155
- http://www.redhat.com/support/errata/RHSA-2011-0164.html
- http://www.securityfocus.com/bid/42596
- http://www.ubuntu.com/usn/USN-1017-1
- http://www.ubuntu.com/usn/USN-1397-1
- http://www.vupen.com/english/advisories/2011/0170
- https://bugzilla.redhat.com/show_bug.cgi?id=628172
- http://bugs.mysql.com/bug.php?id=54393
- http://www.securityfocus.com/bid/42638
- https://bugzilla.redhat.com/show_bug.cgi?id=628062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64687
- http://bugs.mysql.com/bug.php?id=54044
- http://secunia.com/advisories/42875
- http://www.debian.org/security/2011/dsa-2143
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:222
- http://www.redhat.com/support/errata/RHSA-2010-0825.html
- http://www.securityfocus.com/bid/42598
- http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt
- http://www.vupen.com/english/advisories/2011/0105
- http://www.vupen.com/english/advisories/2011/0345
- https://bugzilla.redhat.com/show_bug.cgi?id=628192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64686