Summary: | dev-db/mysql <= 5.0.60-r1: GRANT statement DoS | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Walter <walter> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mysql-bugs, tm |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://bugs.mysql.com/bug.php?id=16470 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 246652 | ||
Bug Blocks: | | |
Description
Walter
2008-06-25 03:01:33 UTC
This is actually a Denial of Service issue and should be handled as a security bug, re-assigning. Short summary: Any user with GRANT permissions can crash the whole server.

mysql team, please bump. It's not only a DoS issue, it prohibits regular use of grant statements.

All security relevant arches stable due to bug 246652.

I vote YES.

Returning to [ebuild]...

the patch has not been committed to 5.0 as discussed on http://lists.mysql.com/commits/36237

I'm not sure whether upstream states that 5.0 is not affected, or they simply do not care.

It's in the tree as mysql-5.0.70-r1 now. Stabilization is in bug 246652.

Yes, too.

Added bug # to a pending request.

security: bump for glsa on this

security: ping

This issue was resolved and addressed in GLSA 201201-02 at http://security.gentoo.org/glsa/glsa-201201-02.xml by GLSA coordinator Tim Sammut (underling).