Please Install the Updated Packages.

Multiple vulnerabilities has been found and corrected in mysql: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory (CVE-2010-2008). Additionally many security issues noted in the 5.1.49 release notes has been addressed with this advisory as well, such as: * LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checking in debug servers sometimes was raised when it should not have been. (Bug#52512) (CVE-2010-3683) * Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) (CVE-2010-3682) * The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug#54007) (CVE-2010-3681) * A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug#54393) (CVE-2010-3679) * Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE). (Bug#54477) (CVE-2010-3678) * Joins involving a table with with a unique SET column could cause a server crash. (Bug#54575) (CVE-2010-3677) * Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash. (Bug#54044) (CVE-2010-3680) The updated packages have been patched to correct these issues. Update: Packages for 2009.1 was not provided with the MDVSA-2010:155 advisory. This advisory provides the missing packages.

mysql on Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64