It was found that MySQL server did not properly check the particular field type in SQL queries involving assignments of type values into GeometryCollection typed items like MultiPoint, MultiCurve, MultiSurface. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash) via SQL query containing conversion(s) from geometry types to strings. References: [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html [2] http://bugs.mysql.com/bug.php?id=55531 (not public) [3] http://lists.mysql.com/commits/119434?f=plain Note: On Red Hat Enterprise Linux systems exploitation of this issue would lead only to temporary denial of service, since mysqld daemon gets automatically restarted upon encountering a crash.
This issue affects the versions of the mysql package, as shipped with Red Hat Enterprise Linux 4 and 5. -- This issue did NOT affect the version of the mysql package, as shipped with Red Hat Enterprise Linux 6. -- This issue did NOT affect the versions of the mysql package, as shipped with Fedora release of 14 and 15.
(In reply to comment #2) > This issue affects the versions of the mysql package, as shipped with > Red Hat Enterprise Linux 4 and 5. > The mysql package in Red Hat Enterprise Linux 5 has been upgraded to version 5.0.95 via RHSA-2012:0127 security advisory: https://rhn.redhat.com/errata/RHSA-2012-0127.html, and therefore this issue has been addressed in Red Hat Enterprise Linux 5 too.