A flaw in MySQL versions prior to 5.1.51 [1] was reported [2] that could allow an authenticated user to kill connections to MySQL by using GROUP_CONCAT() together with 'WITH ROLLUP'. [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html [2] http://bugs.mysql.com/bug.php?id=54476 This is noted as having been fixed in MySQL 5.1.51, but it does not cause a crash on MySQL 5.0.50 in Fedora 13. It also causes a crash on Red Hat Enterprise Linux 5 (5.0.77) but not Red Hat Enterprise Linux 4 (4.1.22). GROUP_CONCAT() support looks to have been added in MySQL 4.1, so Red Hat Enterprise Linux 3 is not affected. A patch for this flaw is included in the upstream report.
This issue has been assigned the name CVE-2010-3837: http://article.gmane.org/gmane.comp.security.oss.general/3627
Created attachment 453404 [details] upstream patch
This issue did NOT affect the versions of the mysql package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue affects the version of mysql package, as shipped with Red Hat Enterprise Linux 5 and 6. --- This issue affects the version of the mysql package, as shipped with Fedora 12. This issue did NOT affect the version of the mysql package, as shipped with Fedora 13.
Created mysql tracking bugs for this issue Affects: fedora-12 [bug 645647]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0825 https://rhn.redhat.com/errata/RHSA-2010-0825.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0164 https://rhn.redhat.com/errata/RHSA-2011-0164.html