Bug 462071 (CVE-2008-3963)
| Field | Value |
|---|---|
| Summary | CVE-2008-3963 MySQL: Using an empty binary value leads to server crash |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Jan Lieskovsky <jlieskov> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | kvolny, tao, tgl |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2010-12-23 22:46:01 UTC |
| Bug Depends On | 476896 |

Description
Jan Lieskovsky
2008-09-12 12:57:18 UTC
This issue is a 64-bit architecture specific one.

Sample test output (mysql-server-5.0.45-7.el5.x86_64):

```
# service mysqld start
# mysql -u root mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select b'';
ERROR 2013 (HY000): Lost connection to MySQL server during query

/***** ^-connection crash -^ *****/

mysql> select x'';
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    1
Current database: mysql

+-----+
| x'' |
+-----+
|     |
+-----+
1 row in set (0.00 sec)
```

Detailed information about (un)affected versions:

This issue DOES NOT affect the versions of the mysql-server package, as shipped with Red Hat Enterprise Linux 2.1, 3 and 4. (Unsupported functionality on these versions of the MySQL server).

This issue AFFECTS the versions of the mysql-server package, as shipped with Red Hat Enterprise Linux 5.1 and within Fedora releases of 8, 9 and 10.

This issue has been addressed in following products:

  Red Hat Web Application Stack for RHEL 5

Via RHSA-2009:1067 https://rhn.redhat.com/errata/RHSA-2009-1067.html

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1289 https://rhn.redhat.com/errata/RHSA-2009-1289.html
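The session above shows `select b''` dropping the connection while `select x''` returns normally. As an added example (not part of the original report and not MySQL code), the following Python check flags empty bit-value literals in logged statements while ignoring look-alikes inside strings, quoted identifiers and comments; the log lines are constructed, the function names are hypothetical, and default SQL mode is assumed.

```python
import re

# One alternative per lexical element that can contain quote characters, so
# b'' is reported only where the server would lex it as a bit-value literal.
# Assumption: default SQL mode (backslash escapes enabled inside strings).
_TOKEN = re.compile(
    r"""
      (?P<comment>--[ \t][^\n]*|\#[^\n]*|/\*(?!!).*?\*/)  # /*! ... */ is executed: not skipped
    | (?P<empty_bit>(?<![A-Za-z0-9_$])[bB]''(?!'))       # bit-value literal with no digits
    | (?P<string>[bBxXnN]?'(?:[^'\\]|\\.|'')*')          # strings, non-empty b'..', any x'..'
    | (?P<dquoted>"(?:[^"\\]|\\.|"")*")
    | (?P<ident>`(?:[^`]|``)*`)
    """,
    re.VERBOSE | re.DOTALL,
)


def empty_bit_literals(sql):
    """Return the character offsets of every empty bit-value literal in sql."""
    return [m.start() for m in _TOKEN.finditer(sql) if m.lastgroup == "empty_bit"]


def scan_log(lines):
    """Return (line_number, text) for lines that carry an empty bit-value literal."""
    return [(n, text) for n, text in enumerate(lines, 1) if empty_bit_literals(text)]


# Constructed sample lines in the style of a general query log (not from the report).
SAMPLE_LOG = [
    "080912 12:57:18  2 Query  select b''",
    "080912 12:57:19  3 Query  SELECT B'' FROM dual",
    "080912 12:57:20  3 Query  select b'0101', x''",
    "080912 12:57:21  4 Query  insert into t values ('b''')",
    "080912 12:57:22  4 Query  select 1 /* b'' */ -- b''",
    "080912 12:57:23  5 Query  select /*!50000 b'' */ 1",
    "080912 12:57:24  5 Query  select `b''` from t",
]

if __name__ == "__main__":
    for n, text in scan_log(SAMPLE_LOG):
        print(f"line {n}: {text}")
```

The scan works per line, so statements that span several log lines should be joined before they are passed to `scan_log`.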