Bug 611314 (CVE-2017-3302)

Summary: [TRACKER] mysql: use-after-free in libmysqlclient.so
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/01/28/1
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 611316, 611318, 611320    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-01 19:29:22 UTC
A use-after-free flaw was found in the MySQL client library (libmysqlclient.so). A malicious MySQL server could cause an application using the MySQL client library to crash.

Upstream bugs:

https://bugs.mysql.com/bug.php?id=70429
https://bugs.mysql.com/bug.php?id=63363

Upstream patch:

https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93