AXSA:2011-32:01

Release date: 
2011/02/15 Tuesday - 19:28
Title: 
mysql-5.1.52-1.AXS4.1
Affected channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the MySQL client programs, the client shared libraries, and generic MySQL files.
Security issues fixed with this release:
CVE-2010-3677
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
CVE-2010-3678
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
CVE-2010-3679
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
CVE-2010-3680
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
CVE-2010-3681
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing 'alternate reads from two indexes on a table,' which triggers an assertion failure.
CVE-2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted 'SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)' statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
CVE-2010-3683
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
CVE-2010-3833
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a 'CREATE TABLE ... SELECT.'
CVE-2010-3835
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
CVE-2010-3836
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
CVE-2010-3837
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
CVE-2010-3838
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is 'processed using an intermediate temporary table.'
CVE-2010-3839
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
CVE-2010-3840
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL release notes for a full list of changes:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

Solution: 

Update packages.
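
To triage which hosts still need this update, the following added example (not part of the Asianux advisory) maps a `SELECT VERSION()` string to the CVEs listed above, using the upstream fixed-in versions quoted in their descriptions. The function names, host names and sample version strings are constructed for illustration.

```python
import re

# Upstream "fixed in" patch level per release branch, transcribed from the CVE
# descriptions in this advisory. A branch absent from an entry is not named there.
FIXED_IN = {
    "CVE-2010-3677": {"5.0": 92, "5.1": 49},
    "CVE-2010-3678": {"5.1": 49},
    "CVE-2010-3679": {"5.1": 49},
    "CVE-2010-3680": {"5.1": 49},
    "CVE-2010-3681": {"5.1": 49, "5.5": 5},
    "CVE-2010-3682": {"5.0": 92, "5.1": 49},
    "CVE-2010-3683": {"5.1": 49, "5.5": 5},
    "CVE-2010-3833": {"5.0": 92, "5.1": 51, "5.5": 6},
    "CVE-2010-3835": {"5.1": 51, "5.5": 6},
    "CVE-2010-3836": {"5.0": 92, "5.1": 51, "5.5": 6},
    "CVE-2010-3837": {"5.0": 92, "5.1": 51, "5.5": 6},
    "CVE-2010-3838": {"5.0": 92, "5.1": 51, "5.5": 6},
    "CVE-2010-3839": {"5.1": 51, "5.5": 6},
    "CVE-2010-3840": {"5.1": 51},
}

def parse_version(banner):
    """Return (branch, patch) from a version string such as '5.1.47-log'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"unrecognised MySQL version string: {banner!r}")
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3))

def affected_cves(banner):
    """List the advisory's CVEs whose upstream fix postdates this version."""
    branch, patch = parse_version(banner)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if branch in fixed and patch < fixed[branch])

if __name__ == "__main__":
    # Constructed inventory: host name -> output of SELECT VERSION().
    inventory = {"db-a": "5.1.47-log", "db-b": "5.1.49", "db-c": "5.1.52"}
    for host, banner in inventory.items():
        hits = affected_cves(banner)
        # Vendors may backport fixes, so confirm against the installed package
        # release (mysql-5.1.52-1.AXS4.1 here) before closing a finding.
        print(f"{host} {banner}: {len(hits)} open", ", ".join(hits))
```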

Additional information: 

N/A

Download: 

SRPMS
  1. mysql-5.1.52-1.AXS4.1.src.rpm
    MD5: 2d811d3d40c98f4526e53bb854692c3e
    SHA-256: d567d87646ceb29d4a7420b8cb0126fbe7d2935748c8b7b204c8fd6601bb9ec7
    Size: 19.89 MB

Asianux Server 4 for x86
  1. mysql-5.1.52-1.AXS4.1.i686.rpm
    MD5: 032ce246e4888936451f61b969551e63
    SHA-256: 98e1fe9c1712536a7984cbc726cc1df53bdaffd7803fabb5272f526ccb75f47a
    Size: 897.75 kB
  2. mysql-bench-5.1.52-1.AXS4.1.i686.rpm
    MD5: 9b5dfe41749d1e938dc8663aec61d6a4
    SHA-256: f282d3baaf81433d9ba82813f1541f0e5ec8c278381049d1bcc12f51ca165c52
    Size: 425.56 kB
  3. mysql-devel-5.1.52-1.AXS4.1.i686.rpm
    MD5: 1c867f3f5921bdc6a19a0f0ef6c41b85
    SHA-256: abe7b239d826e5b9bbdd71390ad1fc8c23f19b339b5f1bfa9d9b0b6e52f1c30c
    Size: 125.33 kB
  4. mysql-libs-5.1.52-1.AXS4.1.i686.rpm
    MD5: 2c0afabb409a1f795a1ce32ac3730d03
    SHA-256: 5d8d97c8ed6ded34cb6d46ae2b340708432fb90ccc6c8742772594614fc7a990
    Size: 1.23 MB
  5. mysql-server-5.1.52-1.AXS4.1.i686.rpm
    MD5: d41185b3c790dc8e09e699671e05d5aa
    SHA-256: cc4ac047ac0f3b8f94ff3ae6ccac7cfd0cbfe42508244165cf8b4ba04e8ddb30
    Size: 8.25 MB
  6. mysql-test-5.1.52-1.AXS4.1.i686.rpm
    MD5: 0742a97cc3d442f84737e645d4eab5d2
    SHA-256: 6305673675f6ca90deb37e40f042f6e7bd9692c2a28a0d6ff88644d2dfd50e25
    Size: 5.08 MB

Asianux Server 4 for x86_64
  1. mysql-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: 3b1ed7fba8ba42ec53e2caff05e05824
    SHA-256: 58a73dc9491dead4473532ff02760a504c9f8034aef0087e6898e69cc2a522c4
    Size: 887.84 kB
  2. mysql-bench-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: 39e7d6a215b5cf2c6630a6d6a50f4c0a
    SHA-256: 95c428c5a13140abd2dac9d006180dab306049a50ee09ea13f5db902702ad354
    Size: 425.14 kB
  3. mysql-devel-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: 609ceede0ae0187a8451cc45134f7aa7
    SHA-256: d4575a04b5486aacad0e31112f9f16a31fc17cb051beea5c77ec183961a730df
    Size: 124.92 kB
  4. mysql-libs-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: 8394043039330bff6566a5986fe3e27c
    SHA-256: b41c27232dab218f1d0c2b2071ada9a61bb4b63f99e63db00c0382955e190d06
    Size: 1.22 MB
  5. mysql-server-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: 1c01abc28c66658c98e90547ede93868
    SHA-256: decd043caa796df431cbba3cbf13cae543f820fd176122a35c55f312707aabe9
    Size: 8.10 MB
  6. mysql-test-5.1.52-1.AXS4.1.x86_64.rpm
    MD5: ce1d34de48d7fb05e6723bc6eecc48e5
    SHA-256: 9b5c905cc3f9d1b9d9b548d26b39b83bbb030367ce5d35aa2a877d674d992a81
    Size: 5.09 MB
  7. mysql-devel-5.1.52-1.AXS4.1.i686.rpm
    MD5: 1c867f3f5921bdc6a19a0f0ef6c41b85
    SHA-256: abe7b239d826e5b9bbdd71390ad1fc8c23f19b339b5f1bfa9d9b0b6e52f1c30c
    Size: 125.33 kB
  8. mysql-libs-5.1.52-1.AXS4.1.i686.rpm
    MD5: 2c0afabb409a1f795a1ce32ac3730d03
    SHA-256: 5d8d97c8ed6ded34cb6d46ae2b340708432fb90ccc6c8742772594614fc7a990
    Size: 1.23 MB
Copyright© 2007-2015 Asianux. All rights reserved.