oss-sec mailing list archives

Re: CVE Request - MySQL - 5.0.88


From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 16:26:33 -0500 (EST)

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

   MySQL upstream has released latest 5.0.88 version of their Community
   Server, fixing one security issue:

* Error handling was missing for SELECT statements containing
   subqueries in the WHERE clause and that assigned a SELECT
   result to a user variable. The server could crash as a result.
   (Bug#48291: http://bugs.mysql.com/48291)

This looks to be from adjacent network exploitable mysqld DoS.

* If the first argument to GeomFromWKB() function was a geometry
   value, the function just returned its value. However, it
   failed to preserve the argument's null_value flag, which
   caused an unexpected NULL value to be returned to the caller,
   resulting in a server crash.
   (Bug#47780: http://bugs.mysql.com/47780)

Same case as the above, though I can't look into upstream MySQL bugs
to confirm or disprove it. Thus Cc-ed Sergei Golubchik on this mail.



Let's group these two together. This also appears to affect MySQL versions
before 5.1.41 and 5.0.88.

CVE-2009-4019

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291

-- 
    JB

