oss-sec mailing list archives
Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 13 Apr 2012 12:07:49 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/13/2012 11:58 AM, Stefan Cornelius wrote:
Hi, MySQL 5.5.22 fixed a denial of service flaw in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated MySQL user could use this flaw to cause mysqld daemon abort. References: [1] http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html [2] https://bugs.gentoo.org/show_bug.cgi?id=411503 [3] http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ Upstream commit: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=812431 Thanks and kind regards,
Please use CVE-2012-2102 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPiGt1AAoJEBYNRVNeJnmT0mQP/joHG5GXPsWofNR4niSr51wL FKdqpIapxlIA+fJI+UmHVaS2uu094QOsWpXjpzCP0Lo1MmRDxGIySgx+N+QhCMjY NIUlr24QX4iVUJ6KVsKRYK8bZeF9nkYyB8Mc67ON60mLLMLt/HSwtTy/LBOjI/DO GzdG0YfU+aoxRMiW/Zg4De0mVaVys0RBeyMAVwNW2GXB3qNlprLD7UpMLqM8iTio MvEofvU8ljsb4y56I1vBBAq5rMkNnqOJY3FvOV2yf52JQ1/G8njtX/1+to1l8UNU sbWz1JPWf9KQDA1TXK5hVEfnQjVVt6/UaDgZcwqUJXN5sZomCVPdEm8RLj/zOe1a LWoXgrmuZvaFmwJf97zx4vxQ9knNscjmNQKA7g/qNNqApP8wqsgj+VwnkcuJmG9c IHCzicwU1vIYjF2wuA0t9/a+uw22qzdm3PLVNNcqXN7yinNNfFKL/xUzqyMS+QHy 3oj3adwvEY+WUlJZ0lI34md/mp9pzmFE/pcMtCYyZ81OlREYfTYae1zOWqpvK3WL upxluLOtRlhB+Dc4W1cUvLWtLqWqq7+S4xxlDIQGyAX8eJJXxDg6g+J3ucpVygAU TmDyBdA0cMpO5Fu03Pt24ibnorsKTOUxL2tN3SD//7igJZK4B1/xGMPfz6c9SsZy DEI9L0Z+yvqnjWnr/t+H =nwmt -----END PGP SIGNATURE-----
Current thread:
- CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius (Apr 13)
- Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried (Apr 13)