Summary: | <dev-db/mysql-5.5.39: Buffer Overflow Vulnerability (CVE-2014-0001) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | mysql-bugs
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://secunia.com/advisories/52161/ | |
Whiteboard: | A2 [glsa] | |
Package list: | | Runtime testing required: | ---

Description
Agostino Sarubbo
2014-02-04 10:40:55 UTC
This issue is fixed in 5.5.37: from http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html :

"While printing the server version, the mysql client did not check for buffer overflow in a string variable. (Bug #18186103)"

The issue was introduced in 5.1.34 c.f. https://bugzilla.redhat.com/show_bug.cgi?id=1054592#c24

I don't see any current fix for the 5.1 branch, but it might be possible to backport the patch from https://bugzilla.redhat.com/attachment.cgi?id=854008&action=diff

@maintainers: Please advise what do you think is the appropriate way further; stabilization of 5.5.37-r1 or backport of patch to the 5.1 series?

CVE-2014-0001 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001): Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Added to existing GLSA request

This issue was resolved and addressed in GLSA 201409-04 at http://security.gentoo.org/glsa/glsa-201409-04.xml by GLSA coordinator Sergey Popov (pinkbyte).
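
The kind of length check the release note says was missing, shown as an added example; it is not code from MySQL, MariaDB or the Red Hat patch. The function names, the 64-byte buffer and the banner text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BANNER_LEN 64   /* assumed size; the real buffer size is not on this page */

/* Unchecked pattern: server_version comes from the remote server, so its
 * length is attacker-influenced. Nothing here compares it with the size
 * of dst. Shown for contrast only; never called in this example. */
void banner_unchecked(char *dst, const char *server_version)
{
    strcpy(dst, "Server version: ");
    strcat(dst, server_version);
}

/* Bounded variant: snprintf never writes more than dst_len bytes and
 * always NUL-terminates. Its return value is the length the full string
 * would have had, which lets the caller detect truncation.
 * Returns 0 if the banner fit, 1 if it was truncated, -1 on bad input. */
int banner_checked(char *dst, size_t dst_len, const char *server_version)
{
    int n;

    if (dst == NULL || dst_len == 0 || server_version == NULL)
        return -1;
    n = snprintf(dst, dst_len, "Server version: %s", server_version);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)n >= dst_len) ? 1 : 0;
}

int main(void)
{
    char banner[BANNER_LEN];
    char long_version[512];   /* constructed oversized "server version" */
    int rc;

    memset(long_version, 'A', sizeof long_version - 1);
    long_version[sizeof long_version - 1] = '\0';

    rc = banner_checked(banner, sizeof banner, "5.5.37");
    printf("rc=%d banner=\"%s\"\n", rc, banner);

    rc = banner_checked(banner, sizeof banner, long_version);
    printf("rc=%d stored=%zu bytes (truncated)\n", rc, strlen(banner));
    return 0;
}
```

A truncation result of 1 is worth logging on the client side, since a legitimate server version string is short.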