Bug 232603 (CVE-2007-1420)
| Summary: | CVE-2007-1420 Single MySQL worker can be crashed (NULL deref) with certain SELECT statements | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Red Hat Product Security <security-response-team> |
| Component: | vulnerability | Assignee: | Tom Lane <tgl> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | byte, hhorak, osoukup |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securityfocus.com/bid/22900/discuss | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2008-07-25 08:14:03 UTC | Type: | --- |

Description
Lubomir Kundrak
2007-03-16 12:16:35 UTC
The mysql 5.0.36/37 release notes mention something like twenty different crashing bugs fixed. What's your rationale for harping on this particular one?

tgl: a CVE. Pardon me for forgetting to mention it in the Summary.

Moving to security response parent bug, we only create tracking bugs once it has been decided we will fix this issue in a particular release.

Red Hat does not consider this to be a security issue. It requires an attacker to be authenticated and after triggering the crash the database server will restart and continue to service requests.

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html

Reporter changed to security-response-team by request of Jay Turner.