Upstream information

CVE-2010-3837 at MITRE

Description

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4
Vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 644864 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient15-32bit >= 5.0.94-0.2.2.1
  • libmysqlclient15-x86 >= 5.0.96-0.4.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-Max >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
  • mysql-tools >= 5.0.96-0.4.1
Patchnames:
slessp1-libmysqlclient-devel
SUSE Linux Enterprise Server 11 SP2
  • libmysqlclient15 >= 5.0.94-0.2.4.1
  • libmysqlclient15-32bit >= 5.0.94-0.2.4.1
  • libmysqlclient15-x86 >= 5.0.94-0.2.4.1
  • libmysqlclient_r15 >= 5.0.94-0.2.4.1
  • mysql >= 5.0.94-0.2.4.1
  • mysql-Max >= 5.0.94-0.2.4.1
  • mysql-client >= 5.0.94-0.2.4.1
  • mysql-tools >= 5.0.94-0.2.4.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libmysqlclient15-32bit
SUSE Linux Enterprise Server 11 SP3
  • libmysqlclient15 >= 5.0.96-0.6.1
  • libmysqlclient15-32bit >= 5.0.96-0.6.1
  • libmysqlclient15-x86 >= 5.0.96-0.6.1
  • libmysqlclient_r15 >= 5.0.96-0.6.1
  • mysql >= 5.5.31-0.7.10
  • mysql-client >= 5.5.31-0.7.10
  • mysql-tools >= 5.5.31-0.7.10
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libmysqlclient15-32bit
SUSE Linux Enterprise Server 11 SP4
  • libmysql55client18 >= 5.5.43-0.7.3
  • libmysql55client18-32bit >= 5.5.43-0.7.3
  • libmysql55client18-x86 >= 5.5.43-0.7.3
  • libmysql55client_r18 >= 5.5.43-0.7.3
  • libmysql55client_r18-32bit >= 5.5.43-0.7.3
  • libmysql55client_r18-x86 >= 5.5.43-0.7.3
  • libmysqlclient15 >= 5.0.96-0.6.20
  • libmysqlclient15-32bit >= 5.0.96-0.6.20
  • libmysqlclient15-x86 >= 5.0.96-0.6.20
  • libmysqlclient_r15 >= 5.0.96-0.6.20
  • mysql >= 5.5.43-0.7.3
  • mysql-client >= 5.5.43-0.7.3
  • mysql-tools >= 5.5.43-0.7.3
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libmysql55client18-32bit
SUSE Linux Enterprise Server 11 SP4 GA libmysqlclient15-32bit
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libmysql55client_r18-32bit >= 5.5.43-0.7.3
  • libmysql55client_r18-x86 >= 5.5.43-0.7.3
  • libmysqlclient-devel >= 5.0.96-0.6.1
  • libmysqlclient_r15-32bit >= 5.0.96-0.6.20
  • libmysqlclient_r15-x86 >= 5.0.96-0.6.20
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libmysql55client_r18-32bit
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libmysqlclient-devel
openSUSE 11.3
  • libmysqlclusterclient16-debuginfo >= 7.0.25-0.3.1
  • libmysqlclusterclient_r16-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-bench-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-client-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-debug-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-debugsource >= 7.0.25-0.3.1
  • mysql-cluster-ndb-extra-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-ndb-management-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-ndb-storage-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-ndb-tools-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-test-debuginfo >= 7.0.25-0.3.1
  • mysql-cluster-tools-debuginfo >= 7.0.25-0.3.1
openSUSE 11.3
  • libmysqlclusterclient16 >= 7.0.25-0.3.1
  • libmysqlclusterclient_r16 >= 7.0.25-0.3.1
  • mysql-cluster >= 7.0.25-0.3.1
  • mysql-cluster-bench >= 7.0.25-0.3.1
  • mysql-cluster-client >= 7.0.25-0.3.1
  • mysql-cluster-debug >= 7.0.25-0.3.1
  • mysql-cluster-ndb-extra >= 7.0.25-0.3.1
  • mysql-cluster-ndb-management >= 7.0.25-0.3.1
  • mysql-cluster-ndb-storage >= 7.0.25-0.3.1
  • mysql-cluster-ndb-tools >= 7.0.25-0.3.1
  • mysql-cluster-test >= 7.0.25-0.3.1
  • mysql-cluster-tools >= 7.0.25-0.3.1
openSUSE 11.3
  • libmariadbclient16-debuginfo >= 5.1.55-0.3.1
  • libmariadbclient_r16-debuginfo >= 5.1.55-0.3.1
  • mariadb-bench-debuginfo >= 5.1.55-0.3.1
  • mariadb-client-debuginfo >= 5.1.55-0.3.1
  • mariadb-debug-debuginfo >= 5.1.55-0.3.1
  • mariadb-debuginfo >= 5.1.55-0.3.1
  • mariadb-debugsource >= 5.1.55-0.3.1
  • mariadb-test-debuginfo >= 5.1.55-0.3.1
  • mariadb-tools-debuginfo >= 5.1.55-0.3.1
openSUSE 11.3
openSUSE 11.4
  • libmariadbclient16 >= 5.1.55-0.3.1
  • libmariadbclient_r16 >= 5.1.55-0.3.1
  • mariadb >= 5.1.55-0.3.1
  • mariadb-bench >= 5.1.55-0.3.1
  • mariadb-client >= 5.1.55-0.3.1
  • mariadb-debug >= 5.1.55-0.3.1
  • mariadb-test >= 5.1.55-0.3.1
  • mariadb-tools >= 5.1.55-0.3.1
openSUSE 11.4
  • libmysqlclusterclient16 >= 7.1.14-0.3.1
  • libmysqlclusterclient_r16 >= 7.1.14-0.3.1
  • mysql-cluster >= 7.1.14-0.3.1
  • mysql-cluster-bench >= 7.1.14-0.3.1
  • mysql-cluster-client >= 7.1.14-0.3.1
  • mysql-cluster-debug >= 7.1.14-0.3.1
  • mysql-cluster-ndb-extra >= 7.1.14-0.3.1
  • mysql-cluster-ndb-management >= 7.1.14-0.3.1
  • mysql-cluster-ndb-storage >= 7.1.14-0.3.1
  • mysql-cluster-ndb-tools >= 7.1.14-0.3.1
  • mysql-cluster-test >= 7.1.14-0.3.1
  • mysql-cluster-tools >= 7.1.14-0.3.1
openSUSE 11.3
  • libmysqlclient16-debuginfo >= 5.1.57-0.3.1
  • libmysqlclient16-debuginfo-32bit >= 5.1.57-0.3.1
  • libmysqlclient_r16-debuginfo >= 5.1.57-0.3.1
  • libmysqlclient_r16-debuginfo-32bit >= 5.1.57-0.3.1
  • libmysqld0-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-bench-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-client-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debug-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debugsource >= 5.1.57-0.3.1
  • mysql-community-server-test-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-tools-debuginfo >= 5.1.57-0.3.1
openSUSE 11.3
openSUSE 11.4
  • libmysqlclient-devel >= 5.1.57-0.3.1
  • libmysqlclient16 >= 5.1.57-0.3.1
  • libmysqlclient16-32bit >= 5.1.57-0.3.1
  • libmysqlclient_r16 >= 5.1.57-0.3.1
  • libmysqlclient_r16-32bit >= 5.1.57-0.3.1
  • libmysqld-devel >= 5.1.57-0.3.1
  • libmysqld0 >= 5.1.57-0.3.1
  • mysql-community-server >= 5.1.57-0.3.1
  • mysql-community-server-bench >= 5.1.57-0.3.1
  • mysql-community-server-client >= 5.1.57-0.3.1
  • mysql-community-server-debug >= 5.1.57-0.3.1
  • mysql-community-server-test >= 5.1.57-0.3.1
  • mysql-community-server-tools >= 5.1.57-0.3.1
SUSE Linux Enterprise Software Development Kit 11 SP1
  • libmysqlclient-devel >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Software Development Kit 11 SP1
  • libmysqlclient-devel >= 5.0.94-0.2.2.1
  • libmysqlclient_r15-x86 >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Software Development Kit 11 SP1
  • libmysqlclient-devel >= 5.0.94-0.2.2.1
  • libmysqlclient_r15-32bit >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Desktop 11 SP1
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Desktop 11 SP1
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient15-32bit >= 5.0.94-0.2.2.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • libmysqlclient_r15-32bit >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient15-32bit >= 5.0.94-0.2.2.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-Max >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-Max >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
SUSE Linux Enterprise Server 11 SP1
  • libmysqlclient15 >= 5.0.94-0.2.2.1
  • libmysqlclient15-x86 >= 5.0.94-0.2.2.1
  • libmysqlclient_r15 >= 5.0.94-0.2.2.1
  • mysql >= 5.0.94-0.2.2.1
  • mysql-Max >= 5.0.94-0.2.2.1
  • mysql-client >= 5.0.94-0.2.2.1
Builds
SAT Patch Nr: 5285
openSUSE 11.4
  • libmariadbclient16 >= 5.1.55-0.3.1
  • libmariadbclient16-debuginfo >= 5.1.55-0.3.1
  • libmariadbclient_r16 >= 5.1.55-0.3.1
  • libmariadbclient_r16-debuginfo >= 5.1.55-0.3.1
  • libmysqlclient-devel >= 5.1.57-0.3.1
  • libmysqlclient16 >= 5.1.57-0.3.1
  • libmysqlclient16-32bit >= 5.1.57-0.3.1
  • libmysqlclient16-debuginfo >= 5.1.57-0.3.1
  • libmysqlclient16-debuginfo-32bit >= 5.1.57-0.3.1
  • libmysqlclient_r16 >= 5.1.57-0.3.1
  • libmysqlclient_r16-32bit >= 5.1.57-0.3.1
  • libmysqlclient_r16-debuginfo >= 5.1.57-0.3.1
  • libmysqlclient_r16-debuginfo-32bit >= 5.1.57-0.3.1
  • libmysqlclusterclient16 >= 7.1.14-0.3.1
  • libmysqlclusterclient16-debuginfo >= 7.1.14-0.3.1
  • libmysqlclusterclient_r16 >= 7.1.14-0.3.1
  • libmysqlclusterclient_r16-debuginfo >= 7.1.14-0.3.1
  • libmysqld-devel >= 5.1.57-0.3.1
  • libmysqld0 >= 5.1.57-0.3.1
  • libmysqld0-debuginfo >= 5.1.57-0.3.1
  • mariadb >= 5.1.55-0.3.1
  • mariadb-bench >= 5.1.55-0.3.1
  • mariadb-bench-debuginfo >= 5.1.55-0.3.1
  • mariadb-client >= 5.1.55-0.3.1
  • mariadb-client-debuginfo >= 5.1.55-0.3.1
  • mariadb-debug >= 5.1.55-0.3.1
  • mariadb-debug-debuginfo >= 5.1.55-0.3.1
  • mariadb-debuginfo >= 5.1.55-0.3.1
  • mariadb-debugsource >= 5.1.55-0.3.1
  • mariadb-test >= 5.1.55-0.3.1
  • mariadb-test-debuginfo >= 5.1.55-0.3.1
  • mariadb-tools >= 5.1.55-0.3.1
  • mariadb-tools-debuginfo >= 5.1.55-0.3.1
  • mysql-cluster >= 7.1.14-0.3.1
  • mysql-cluster-bench >= 7.1.14-0.3.1
  • mysql-cluster-bench-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-client >= 7.1.14-0.3.1
  • mysql-cluster-client-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-debug >= 7.1.14-0.3.1
  • mysql-cluster-debug-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-debugsource >= 7.1.14-0.3.1
  • mysql-cluster-ndb-extra >= 7.1.14-0.3.1
  • mysql-cluster-ndb-extra-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-ndb-management >= 7.1.14-0.3.1
  • mysql-cluster-ndb-management-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-ndb-storage >= 7.1.14-0.3.1
  • mysql-cluster-ndb-storage-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-ndb-tools >= 7.1.14-0.3.1
  • mysql-cluster-ndb-tools-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-test >= 7.1.14-0.3.1
  • mysql-cluster-test-debuginfo >= 7.1.14-0.3.1
  • mysql-cluster-tools >= 7.1.14-0.3.1
  • mysql-cluster-tools-debuginfo >= 7.1.14-0.3.1
  • mysql-community-server >= 5.1.57-0.3.1
  • mysql-community-server-bench >= 5.1.57-0.3.1
  • mysql-community-server-bench-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-client >= 5.1.57-0.3.1
  • mysql-community-server-client-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debug >= 5.1.57-0.3.1
  • mysql-community-server-debug-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-debugsource >= 5.1.57-0.3.1
  • mysql-community-server-test >= 5.1.57-0.3.1
  • mysql-community-server-test-debuginfo >= 5.1.57-0.3.1
  • mysql-community-server-tools >= 5.1.57-0.3.1
  • mysql-community-server-tools-debuginfo >= 5.1.57-0.3.1
Patchnames:
libmariadbclient16
libmysqlclient-devel
libmysqlclusterclient16