oss-sec mailing list archives
CVE Request - MySQL - 5.0.88
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sat, 21 Nov 2009 16:29:26 +0100
Hi Josh, Steve, vendors,

MySQL upstream has released latest 5.0.88 version of their Community Server, fixing one security issue:

Security Fix: MySQL clients linked against OpenSSL did not check server certificates presented by a server linked against yaSSL. (Bug#47320: http://bugs.mysql.com/47320)

While the other two (three issues) look to be security relevant too:

* Error handling was missing for SELECT statements containing subqueries in the WHERE clause and that assigned a SELECT result to a user variable. The server could crash as a result. (Bug#48291: http://bugs.mysql.com/48291)

This looks to be from adjacent network exploitable mysqld DoS.

* If the first argument to GeomFromWKB() function was a geometry value, the function just returned its value. However, it failed to preserve the argument's null_value flag, which caused an unexpected NULL value to be returned to the caller, resulting in a server crash. (Bug#47780: http://bugs.mysql.com/47780)

Same case as the above, though I can't look into upstream MySQL bugs to confirm or disprove it. Thus Cc-ed Sergei Golubchik on this mail.

* Failure to treat BIT values as unsigned could lead to unpredictable results. (Bug#42803: http://bugs.mysql.com/42803)

Also this one seems to be security related - upstream bug speaks about invalid memory access and didn't check the code if this could lead to heap overflow once the comparison fails.

Sergei, our opinion here is appreciated.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team