oss-sec mailing list archives

CVE Request - MySQL - 5.0.88


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sat, 21 Nov 2009 16:29:26 +0100

Hi Josh, Steve, vendors,

  MySQL upstream has released the latest 5.0.88 version of their Community Server,
fixing one security issue:

Security Fix: MySQL clients linked against OpenSSL did not
              check server certificates presented by a server linked against
              yaSSL. (Bug#47320: http://bugs.mysql.com/47320)

While the other two (three) issues also look to be security relevant:

* Error handling was missing for SELECT statements containing
  subqueries in the WHERE clause and that assigned a SELECT
  result to a user variable. The server could crash as a result.
  (Bug#48291: http://bugs.mysql.com/48291)

This looks to be a mysqld DoS exploitable from an adjacent network.

* If the first argument to GeomFromWKB() function was a geometry
  value, the function just returned its value. However, it
  failed to preserve the argument's null_value flag, which
  caused an unexpected NULL value to be returned to the caller,
  resulting in a server crash.
  (Bug#47780: http://bugs.mysql.com/47780)

Same case as the above, though I can't look into the upstream MySQL bugs
to confirm or disprove it. Thus I have Cc-ed Sergei Golubchik on this mail.

* Failure to treat BIT values as unsigned could lead to
  unpredictable results.
  (Bug#42803: http://bugs.mysql.com/42803)

Also this one seems to be security related - the upstream bug speaks about
invalid memory access, and I didn't check the code to see whether this could
lead to a heap overflow once the comparison fails.

Sergei, your opinion here is appreciated.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team