oss-sec mailing list archives
CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 13 Apr 2012 19:58:25 +0200
Hi, MySQL 5.5.22 fixed a denial of service flaw in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated MySQL user could use this flaw to cause mysqld daemon abort. References: [1] http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html [2] https://bugs.gentoo.org/show_bug.cgi?id=411503 [3] http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ Upstream commit: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=812431 Thanks and kind regards, -- Stefan Cornelius / Red Hat Security Response Team
Current thread:
- CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius (Apr 13)
- Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried (Apr 13)