Multiple denial of service flaws were found in the MySQL SQL database server. Quoting from upstream 5.0.88 release notes:

* Error handling was missing for SELECT statements containing subqueries in the WHERE clause and that assigned a SELECT result to a user variable. The server could crash as a result. (Bug#48291)

* If the first argument to GeomFromWKB() function was a geometry value, the function just returned its value. However, it failed to preserve the argument's null_value flag, which caused an unexpected NULL value to be returned to the caller, resulting in a server crash. (Bug#47780)

References:
-----------
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
(there are more DoS issues mentioned in the release notes, but this CVE was assigned to these two)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://bugs.mysql.com/47780
http://bugs.mysql.com/48291

Upstream patches:
-----------------
* For Bug #48291 crash with row() operator,select into @var, and subquery returning multiple rows:
  http://lists.mysql.com/commits/88409
  http://lists.mysql.com/commits/88741

* For Bug #47780: crash when comparing GIS items from subquery:
  http://lists.mysql.com/commits/87591
  http://lists.mysql.com/commits/88069
These issues (both) do NOT affect the versions of the mysql-server package, as shipped with Red Hat Enterprise Linux 3 and 4. The "Bug #48291 crash with row() operator,select into @var, and subquery returning multiple rows:" issue affects the version of the mysql-server package, as shipped with Red Hat Enterprise Linux 5. These issues affect the versions of the mysql-server package, as shipped with Fedora releases of 10, 11, and 12.
mysql-5.0.88-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/mysql-5.0.88-1.fc10
Mitre's CVE-2009-4019 record:
-----------------------------
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
mysql-5.0.88-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.41-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/mysql-5.1.41-2.fc12
mysql-5.1.41-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mysql-5.1.41-2.fc11
mysql-5.1.41-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
mysql-5.1.41-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
Via RHSA-2010:0109 https://rhn.redhat.com/errata/RHSA-2010-0109.html