mysql-5.0.77-4.4.0.1.AXS3
エラータID: AXSA:2010-485:04
リリース日:
2010/11/05 Friday - 21:32
題名:
mysql-5.0.77-4.4.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840 の情報が公開されておりません。
CVEの情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2010-3677
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
CVE-2010-3680
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
CVE-2010-3681
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
CVE-2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
CVE-2010-3833
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
CVE-2010-3835
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
CVE-2010-3836
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
CVE-2010-3837
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
CVE-2010-3838
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
CVE-2010-3839
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
CVE-2010-3840
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
追加情報:
N/A
ダウンロード:
SRPMS
- mysql-5.0.77-4.4.0.1.AXS3.src.rpm
MD5: db976681dcc74268f1882fbc51f9e599
SHA-256: a3a9c06f922abc4a377c90223ab18c39d2d134052e3cf37d8846730841b0b569
Size: 32.72 MB
Asianux Server 3 for x86
- mysql-5.0.77-4.4.0.1.AXS3.i386.rpm
MD5: b4c4f25703b1e275a721b72568415bb4
SHA-256: cb84e6d609ef7d7b63c8adee12da6d24ec20d3956363a8b85c41aadab657605d
Size: 4.75 MB - mysql-bench-5.0.77-4.4.0.1.AXS3.i386.rpm
MD5: 3a87a521399a2ec8250d1cf8217223bf
SHA-256: 5f8786e50a24d5dfbaf2fc81dc05d1e3be2720c2a7275f2d3511df1dca6758fb
Size: 510.16 kB - mysql-devel-5.0.77-4.4.0.1.AXS3.i386.rpm
MD5: 9c957aa7f4cf83b912d95ddf04a883ed
SHA-256: ffe52139e1ca8ae44e50e87be0bb873369e89aa5a28a3eb821121fdcb44b76bd
Size: 2.43 MB - mysql-server-5.0.77-4.4.0.1.AXS3.i386.rpm
MD5: 33bb735b9dea56adbe41725eb2126fd1
SHA-256: 7ed3eb0bb7e998ee485ff4a30b52c6b93d6b7b20399a5608e7d073d10566795f
Size: 9.78 MB
Asianux Server 3 for x86_64
- mysql-5.0.77-4.4.0.1.AXS3.x86_64.rpm
MD5: 4fbc01df67c55cbecfbdca17327e4abb
SHA-256: f6d4d349a2ef562af3942d20bfb9ff4907ea90ca51385d43b2aac15eff97ff66
Size: 4.76 MB - mysql-bench-5.0.77-4.4.0.1.AXS3.x86_64.rpm
MD5: 2bbe831d47626110ecffe67fd5b7b28e
SHA-256: 590a15c83ef2be75fd531df272a550e1ba203b47d5299699374ae337aa1fd36f
Size: 510.06 kB - mysql-devel-5.0.77-4.4.0.1.AXS3.x86_64.rpm
MD5: 3dfe64a6fc3106e46417fbd3cba822db
SHA-256: 38395cb900efa093e1258d465464d3c563a37a5dc025fca45d5b58d68bd43267
Size: 2.47 MB - mysql-server-5.0.77-4.4.0.1.AXS3.x86_64.rpm
MD5: 9074f9241d44ac4210595b97a5bd56bf
SHA-256: ee2f4a142454b4ff8b8215c323da3deb78baada61040e6012f942c6afb314309
Size: 9.84 MB