MySQL Local Crash Vulnerability
Reference:
http://www.h-online.com/open/news/item/Oracle-accidentally-release-MySQL-DoS-proof-of-concept-1526146.html
Create crash with:
http://bazaar.launchpad.net/~mysql/mysql-server/5.1/view/head:/mysql-test/suite/innodb/t/innodb_bug13510739.test?sort=filename
Verified against:
5.1.61-0+squeeze1
I had hoped that this would have been addressed here:
mysql-5.1 (5.1.61-0+squeeze1) stable-security; urgency=high
* SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle.
in all versions of MySQL 5.1 earlier than 5.1.61. CVE list is as
follows: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101
CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115
CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484
CVE-2012-0485 CVE-2012-0490 CVE-2012-0492. (Closes: #659687)
* d/patches/61_CVE* - Removed as the new upstream version carries all of
these fixes.
* d/patches/99_fix_testsuite_for_installed_env.dpatch: Superseded
upstream.
* Upstream removed the file file EXCEPTIONS-CLIENT from their tarballs,
however the exception is still granted.
But I guess not. Of course Oracle isn't terribly helpful on the exact fix for the problem...
Zachary Schneider, RHCE
Linux Systems Engineer III
Rackspace Cloud
desk: 210.312.5140
cel: 210.501.3362
zachary.schneider@rackspace.com
Reply to: