oss-sec mailing list archives
Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws
From: Josh Bressers <bressers () redhat com>
Date: Wed, 22 Sep 2010 14:58:55 -0400 (EDT)
Any update on these Steve? I've gotten a few questions about assignments. Thanks. -- JB ----- "Josh Bressers" <bressers () redhat com> wrote:
Steve, Can you handle this one? It's bigger than a breadbasket and I currently lack time to sort them all out. Thanks. -- JB ----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:Hi Steve, vendors, MySQL upstream yet on 2010-07-09 released version v5.1.49 oftheirCommunity Server, addressing couple of denial of service flaws (crashes and assertion failures): [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html 1, Security Fix: After changing the values of theinnodb_file_formator innodb_file_per_table configuration parameters,DDLstatements could cause a server crash. (Bug#55039) References: http://bugs.mysql.com/bug.php?id=55039https://bugzilla.redhat.com/show_bug.cgi?id=628660Reason: Assertion failure leading to server abort. 2, Security Fix: Joins involving a table with a unique SET column could cause a server crash. (Bug#54575) References: http://bugs.mysql.com/bug.php?id=54575https://bugzilla.redhat.com/show_bug.cgi?id=628040Reason: NULL pointer dereference leading to (temporary) server DoS. 3, Security Fix: Incorrect handling of NULL arguments could lead toacrash for IN() or CASE operations when NULL argumentswereeither passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN()andCASE). (Bug#54477) References: http://bugs.mysql.com/bug.php?id=54477https://bugzilla.redhat.com/show_bug.cgi?id=628172Reason: NULL pointer dereference leading to (temporary) server DoS. 4, Security Fix: A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash.(Bug#54393)References: http://bugs.mysql.com/bug.php?id=54393https://bugzilla.redhat.com/show_bug.cgi?id=628062Reason: Use of unassigned memory leading to (temporary) server DoS (crash). 5, Security Fix: Use of TEMPORARY InnoDB tables with nullablecolumnscould cause a server crash. (Bug#54044) References: http://bugs.mysql.com/bug.php?id=54044https://bugzilla.redhat.com/show_bug.cgi?id=628192Reason: Assertion failure leading to server abort. 6, Security Fix: The server could crash if there were alternatereadsfrom two indexes on a table using the HANDLERinterface.(Bug#54007) References: http://bugs.mysql.com/bug.php?id=54007https://bugzilla.redhat.com/show_bug.cgi?id=628680Reason: Assertion failure leading to server abort. 7, Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711) References: http://bugs.mysql.com/bug.php?id=52711https://bugzilla.redhat.com/show_bug.cgi?id=628328Reason: NULL pointer dereference leading to (temporary) server DoS. 8, Security Fix: LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client-server protocol checkingindebug servers sometimes was raised when it should nothavebeen. (Bug#52512) References: http://bugs.mysql.com/bug.php?id=52512https://bugzilla.redhat.com/show_bug.cgi?id=628698Reason: Assertion failure leading to server abort. It does not seem, CVE identifiers have been requested / assigned to these issues yet (either went unnoticed or not serious enough the get separateCVEids [as it is possible on many distributions the majority of them would mean only temporary denial of service]). Steve, if 'went unnoticed' is the case, could you please assign CVE identifiers for these? Common references: [2] http://secunia.com/advisories/41048/ Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team P.S.: There is one crash due OOM killer issue yet: [3] http://bugs.mysql.com/bug.php?id=42064 but that one is not something we would consider as being ofasecurity issue.
Current thread:
- CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Jan Lieskovsky (Aug 30)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Josh Bressers (Sep 10)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Josh Bressers (Sep 22)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Steven M. Christey (Sep 28)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Josh Bressers (Sep 10)