MySQL: Fix for Multiple Vulnerabilities

Users of MySQL please be advised of a fix for Multiple Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:222: [MDVSA-2010:222] mysql Fix for Multple Vulnerabilities
Problem Description:

Multiple vulnerabilities were discovered and corrected in mysql:

* Joins involving a table with with a unique SET column could cause
a server crash (CVE-2010-3677).

* Use of TEMPORARY InnoDB tables with nullable columns could cause
a server crash (CVE-2010-3680).

* The server could crash if there were alternate reads from two
indexes on a table using the HANDLER interface (CVE-2010-3681).

* Using EXPLAIN with queries of the form SELECT … UNION … ORDER BY
(SELECT … WHERE …) could cause a server crash (CVE-2010-3682).

* During evaluation of arguments to extreme-value functions (such
as LEAST() and GREATEST()), type errors did not propagate properly,
causing the server to crash (CVE-2010-3833).

* The server could crash after materializing a derived table that
required a temporary table for grouping (CVE-2010-3834).Read more at http://www.criticalwatch.com

 

Advertisements