| Description: | Summary:
The remote host is missing an update for the 'mysql'
package(s) announced via the referenced advisory.
Vulnerability Insight:
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
The MySQL PolyFromWKB() function did not sanity check Well-Known Binary
(WKB) data, which could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3840)
A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to 100%), if
a stored procedure contained JOIN queries, and that procedure was executed
twice in sequence. (CVE-2010-3839)
A flaw in the way MySQL processed queries that provide a mixture of numeric
and longblob data types to the LEAST or GREATEST function, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3838)
A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)
MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,
possibly allowing a remote, authenticated attacker to crash mysqld.
(CVE-2010-3836)
A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)
A flaw in the way MySQL evaluated the arguments of extreme-value functions,
such as LEAST and GREATEST, could allow a remote, authenticated attacker to
crash mysqld. (CVE-2010-3833)
A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to
send OK packets even when there were errors. (CVE-2010-3683)
A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)
A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3681)
A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that
define NULL columns when using the InnoDB storage engine, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3680)
A flaw in the way MySQL processed certain values provided to the BINLOG
statement caused MySQL to read unassigned memory. A remote, authenticated
attacker could possibly use this flaw to crash mysq ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
mysql on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Solution:
Please Install the Updated Packages.
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
