Bug 1035870

Summary: CVE-2013-1861 mysql: geometry query crashes mysqld (CPU July 2013)
Product: Red Hat Enterprise Linux 5
Reporter: Karel Volný <kvolny>
Component: mysql
Assignee: Honza Horak <hhorak>
Status: CLOSED WONTFIX
QA Contact: qe-baseos-daemons
Severity: unspecified
Priority: unspecified
Version: 5.10
CC: byte, databases-maint, huzaifas, kvolny
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Last Closed: 2014-06-02 13:04:45 UTC
Type: Bug
Bug Blocks: 919247    

Description Karel Volný 2013-11-28 17:03:29 UTC
Description of problem:
The test for this CVE also fails with mysql-5.0.95-5.el5_9.

Comment 1 Honza Horak 2013-11-29 10:56:29 UTC
It seems not much changed from 5.0 to 5.1, so back-porting a patch from 5.1 should work fine.

Reproducer works:
mysql> select astext(0x0100000000030000000100000000000010);
ERROR 5 (HY000): Out of memory (Needed 4026531856 bytes)

Comment 5 RHEL Program Management 2014-03-07 12:15:50 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in the last planned RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX. To request that Red Hat re-consider this request, please re-open the bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you.

Comment 6 RHEL Program Management 2014-06-02 13:04:45 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).