mysql server DoS
A bug was found in the mysql server which can allow an authenticated remote user to cause a temporary DoS on the server. All clients connected to the server will be disconnected; they will have to reconnect to the sql server. Affects 4.1 before 4.1.21 and 5.0 (doesn't affect 3.x).
The upstream bug is here: http://bugs.mysql.com/bug.php?id=20729
Per discussion, the odds of real applications being vulnerable to this seem pretty low, so we're not going to turn the RHEL4 mysql package just for this --- putting it in the queue for next update.
This is more of a concern in a shared hosting environment. Any user who has a mysql account can cause the mysqld process to crash. I bump this bug for more attention. Regards, Daniel.
Moving to security response parent bug. Should this deferred issue get picked up for a future update, we'll create tracking bugs with appropriate flags set at that time.
Reproducers from the upstream bug:
select date_format('%d%s', 1);
select date_format('%Y-%m-%d %H:%i:%s', 1151414896);
Upstream commit: http://lists.mysql.com/commits/9048
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0768.html