oss-sec mailing list archives

Re: CVE request, security issues fixed in MySQL 5.1.51


From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 7 Oct 2010 16:57:14 -0400 (EDT)


Looks like there were 8 security bugs reported at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html, not 7.

These all have different affected versions claimed, so each gets a separate CVE.

- Steve


Bug#55826 - incorrect propagation of type errors in evaluation of
arguments to extreme-value functions

  CVE-2010-3833
  "create table .. select crashes with when KILL_BAD_DATA is returned"
  5.0.91, 5.1.49, 5.1.50-bzr, 5.5.5

Bug#55568 - The server could crash after materializing a derived table
that required a temporary table for grouping.

  CVE-2010-3834
  "user variable assignments crash server when used within query"
  5.0.91-debug, 5.1.49-debug

Bug#55564 - A user-variable assignment expression that is evaluated
in a logical expression context can be precalculated in a temporary
table for GROUP BY. However, when the expression value is used after
creation of the temporary table, it was re-evaluated, not read from
the table and a server crash resulted.

  CVE-2010-3835
  "crash with user variables, assignments, joins..."
  5.0.92, 5.1.37, 5.1.49, 5.1.50-bzr, 5.5.6-m3

Bug#54568 - Pre-evaluation of LIKE predicates during view preparation
could cause a server crash.

  CVE-2010-3836
  "create view cause Assertion failed: 0, file .\item_subselect.cc, line 836"
  5.0.91-debug, 5.1.47-debug

Bug#54476 - GROUP_CONCAT() and WITH ROLLUP together could cause a
server crash.

  CVE-2010-3837
  "crash when group_concat and 'with rollup' in prepared statements"
  5.0.91, 5.1.47, 5.1.49-bzr, 5.5.3

  see: [23 Jul 14:25] Alexey Kopytov

Bug#54461 - Queries could cause a server crash if the GREATEST() or
LEAST() function had a mixed list of numeric and LONGBLOB arguments,
and the result of such a function was processed using an intermediate
temporary table.

  CVE-2010-3838
  "crash with longblob and union or update with subquery"
  5.0.91, 5.1.47, 5.5.3, 5.5.5-m3

Bug#53544 - Queries with nested joins could cause an infinite loop in
the server when used from stored procedures and prepared statements.

  CVE-2010-3839
  "Server hangs during JOIN query in stored procedure called twice in a row"
  5.1.47, 5.6.99-m4 Dahlia, bzr_mysql-6.0-codebase-bugfixing

Bug#51875 - The PolyFromWKB() function could crash the server when
improper WKB data was passed to the function.

  CVE-2010-3840
  "crash when loading data into geometry function polyfromwkb"
  5.0.90, 5.1.44

