oss-sec: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE

oss-sec mailing list archives

CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE

From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 13 Apr 2012 19:58:25 +0200

Hi,

MySQL 5.5.22 fixed a denial of service flaw in the way MySQL processed
HANDLER READ NEXT statements after deleting a record. A remote,
authenticated MySQL user could use this flaw to cause mysqld
daemon abort.

References:
[1] http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
[2] https://bugs.gentoo.org/show_bug.cgi?id=411503
[3]
http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/

Upstream commit:
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=812431

Thanks and kind regards,

-- 
Stefan Cornelius / Red Hat Security Response Team

By Date By Thread

Current thread:

CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius (Apr 13)
- Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried (Apr 13)