[ MDVSA-2010:012 ] mysql


Posted by dude67 » 18 Jan 2010, 08:12

_______________________________________________________________________

Package : mysql
Date : January 17, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in mysql:

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does
not (1) properly handle errors during execution of certain SELECT
statements with subqueries, and does not (2) preserve certain
null_value flags during execution of statements that use the
GeomFromWKB function, which allows remote authenticated users to
cause a denial of service (daemon crash) via a crafted statement
(CVE-2009-4019).

The vio_verify_callback function in viosslfactories.c in MySQL
5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used,
accepts a value of zero for the depth of X.509 certificates, which
allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL
servers via a crafted certificate, as demonstrated by a certificate
presented by a server linked against the yaSSL library (CVE-2009-4028).

MySQL 5.1.x before 5.1.41 allows local users to bypass certain
privilege checks by calling CREATE TABLE on a MyISAM table with
modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments
that are originally associated with pathnames without symlinks,
and that can point to tables created at a future time at which a
pathname is modified to contain a symlink to a subdirectory of the
MySQL data home directory, related to incorrect calculation of the
mysql_unpacked_real_data_home value. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079
(CVE-2009-4030).

The updated packages have been patched to correct these
issues. Additionally for 2009.1 and 2010.0 mysql has also been upgraded
to the latest stable 5.1 release (5.1.42).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-4019
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-4028
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-4030
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-35.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-36.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-37.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-38.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-39.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-40.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-42.html
_______________________________________________________________________
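
The upstream version ranges quoted in the advisory can be turned into a quick triage check for a server inventory. The following is an added example, not part of the original advisory or of Mandriva's tooling; the function names and sample version strings are constructed for illustration.

```python
import re

# Upstream fixed releases per branch, as stated in the advisory text.
FIXED = {(5, 0): (5, 0, 88), (5, 1): (5, 1, 41)}

# Branches each CVE applies to, as stated in the advisory text.
CVE_BRANCHES = {
    "CVE-2009-4019": {(5, 0), (5, 1)},
    "CVE-2009-4028": {(5, 0), (5, 1)},
    "CVE-2009-4030": {(5, 1)},  # 5.1.x only
}


def parse_version(text):
    """Return (major, minor, patch) from a string such as '5.1.40-log'
    or a full `mysqld --version` line, or None if no x.y.z is present."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def affected_cves(version_text):
    """Return the sorted CVE ids from MDVSA-2010:012 that apply to the
    given upstream version, [] if the branch is already fixed, or None
    if the advisory makes no statement about that branch."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError("no x.y.z version found in %r" % version_text)
    branch = version[:2]
    if branch not in FIXED:
        return None
    if version >= FIXED[branch]:
        return []
    return sorted(c for c, b in CVE_BRANCHES.items() if branch in b)


if __name__ == "__main__":
    # Constructed sample inventory.
    for banner in ("mysqld  Ver 5.1.40-log for pc-linux-gnu on x86_64",
                   "5.0.87", "5.1.42", "5.5.8"):
        print(banner, "->", affected_cves(banner))
```

A distribution package that carries backported patches can report an older upstream version and still be fixed, so treat a hit as a prompt to check the installed package release against the advisory.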