Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE
From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 13 Apr 2012 19:58:25 +0200

Hi,

MySQL 5.5.22 fixed a denial of service flaw in the way MySQL processed
HANDLER READ NEXT statements after deleting a record. A remote,
authenticated MySQL user could use this flaw to cause mysqld
daemon abort.

References:
[1] http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
[2] https://bugs.gentoo.org/show_bug.cgi?id=411503
[3]
http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/

Upstream commit:
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=812431

Thanks and kind regards,

-- 
Stefan Cornelius / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault