MySQL: Denial of Service Vulnerabilities

Users of MySQL please be advised of a denial of service vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1017-1: [USN-1017-1] MySQL vulnerabilities
Details follow:

It was discovered that MySQL incorrectly handled certain requests with the

UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit

this to make MySQL crash, causing a denial of service. This issue only

affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)

It was discovered that MySQL incorrectly handled joins involving a table

with a unique SET column. An authenticated user could exploit this to make

MySQL crash, causing a denial of service. This issue only affected Ubuntu

6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3677)

Read more at http://www.criticalwatch.com

 

Advertisements