oss-sec mailing list archives
Re: CVE request, security issues fixed in MySQL 5.1.51
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 7 Oct 2010 16:57:14 -0400 (EDT)
Looks like there were 8 security bugs reported at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html, not 7.
These all have different affected versions claimed, so each gets a separate CVE.
- Steve Bug#55826 - incorrect propagation of type errors in evaluation of arguments to extreme-value functions CVE-2010-3833 "create table .. select crashes with when KILL_BAD_DATA is returned" 5.0.91,5.1.49,5.1.50-bzr,5.5.5 Bug#55568 - The server could crash after materializing a derived table that required a temporary table for grouping. CVE-2010-3834 "user variable assignments crash server when used within query" 5.0.91-debug,5.1.49-debug Bug #55564 - A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. CVE-2010-3835 "crash with user variables, assignments, joins..." 5.0.92, 5.1.37, 5.1.49, 5.1.50-bzr, 5.5.6-m3 Bug#54568 - Pre-evaluation of LIKE predicates during view preparation could cause a server crash. CVE-2010-3836 "create view cause Assertion failed: 0, file .\item_subselect.cc, line 836" 5.0.91-debug, 5.1.47-debug Bug#54476 - GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. CVE-2010-3837 "crash when group_concat and 'with rollup' in prepared statements" 5.0.91, 5.1.47, 5.1.49-bzr, 5.5.3 see: [23 Jul 14:25] Alexey Kopytov Bug#54461 - Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. CVE-2010-3838 "crash with longblob and union or update with subquery" 5.0.91,5.1.47, 5.5.3, 5.5.5-m3 Bug#53544 - Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements. CVE-2010-3839 "Server hangs during JOIN query in stored procedure called twice in a row" 5.1.47, 5.6.99-m4 Dahlia, bzr_mysql-6.0-codebase-bugfixing Bug#51875 - The PolyFromWKB() function could crash the server when improper WKB data was passed to the function. CVE-2010-3840 "crash when loading data into geometry function polyfromwkb" 5.0.90,5.1.44
Current thread:
- CVE request, security issues fixed in MySQL 5.1.51 Vincent Danen (Oct 04)
- Re: CVE request, security issues fixed in MySQL 5.1.51 Josh Bressers (Oct 04)
- Re: CVE request, security issues fixed in MySQL 5.1.51 Steven M. Christey (Oct 07)