'Re: [oss-security] CVE Request - MySQL - 5.0.88'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request - MySQL - 5.0.88
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-11-23 21:26:33
Message-ID: 1728815975.612571259011593868.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> 
>    MySQL upstream has released latest 5.0.88 version of their Community
>    Server, fixing one security issue:
> 
> * Error handling was missing for SELECT statements containing
>    subqueries in the WHERE clause and that assigned a SELECT
>    result to a user variable. The server could crash as a result.
>    (Bug#48291: http://bugs.mysql.com/48291)
> 
> This looks to be from adjacent network exploitable mysqld DoS.
> 
> * If the first argument to GeomFromWKB() function was a geometry
>    value, the function just returned its value. However, it
>    failed to preserve the argument's null_value flag, which
>    caused an unexpected NULL value to be returned to the caller,
>    resulting in a server crash.
>    (Bug#47780: http://bugs.mysql.com/47780)
> 
> Same case as the above, though I can't look into upstream MySQL bugs
> to confirm or disprove it. Thus Cc-ed Sergei Golubchik on this mail.
> 


Let's group these two together. This also appears to affect MySQL versions
before 5.1.41 5.0.88.

CVE-2009-4019

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic