Re: Re: MySQL Local Crash Vulnerability
>> On 04/18/2012 11:09 PM, Zachary Schneider wrote:
>> Reference:
>>
>> http://www.h-online.com/open/news/item/Oracle-accidentally-release-MySQL-DoS-proof-of-concept-1526146.html
>>
>> Create crash with:
>>
>> http://bazaar.launchpad.net/~mysql/mysql-server/5.1/view/head:/mysql-test/suite/innodb/t/innodb_bug13510739.test?sort=filename
>>
>> But I guess not. Of course Oracle isn't terribly helpful on the exact fix for the problem...
> Isn't this the fix? (judging by the commit that added that test file)
>
>
> https://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.8.4
> https://bazaar.launchpad.net/~mysql/mysql-server/5.1/diff/3560.8.4
Looks like it. Patched and tested, no longer a crash. Also it does look to be tracked, need to get better at searching the debian security site:
http://security-tracker.debian.org/tracker/CVE-2012-2102
Thanks!
-z-
Reply to: