Description: Neil Kettle has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling specially crafted IF queries, which can be exploited to crash the server. The vulnerability is reported in versions prior to 5.0.40.
Solution: Update to version 5.0.40.
Reproducible: Always
maintainers - please provide an updated ebuild
5.0.40 in the tree now. There may be an -r1 as well with some cleanups, but -r0 is good for the arches.
arches - please test. Target keywords are alpha, amd64, arm, hppa, ia64, mips, ppc, ppc64, s390, sparc, x86
target ebuild is dev-db/mysql-5.0.40
ppc64 stable
ia64 + x86 stable
Stable for HPPA.
sparc stable.
I just compiled mysql-5.0.40 and all test cases failed. So I'm guessing there is a problem. I uploaded the complete build log ( http://rullzer.com/gentoo/mysql-5.0.40-build.log ) since well there are a lot of test cases... They all fail because it can't start the mysql server. Why this is I do not know. Version 5.0.38 works like a charm.
emerge --info:
Portage 2.1.2.2 (default-linux/amd64/2006.1/no-multilib, gcc-4.1.1, glibc-2.5-r2, 2.6.19-gentoo-r5 x86_64)
=================================================================
System uname: 2.6.19-gentoo-r5 x86_64 AMD Sempron(tm) Processor 2800+
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 15 May 2007 01:20:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python: 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon64 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks metadata-transfer multilib-strict sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://gentoo.tiscali.nl/pub/mirror/gentoo/"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/overlay"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="amd64 apache2 authdaemond bitmap-fonts bzip2 calendar cli cracklib crypt dri gdbm gpm iconv imap isdnlog libg++ libwww logrotate maildir midi ncurses nls nptl nptlonly pcre perl ppds pppd prcre python readline reflection session spell spl ssl tcpd test truetype-fonts type1-fonts unicode vda winbind xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i810 mga neomagic nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
roeland: please tar up ${S}/mysql-tests/ after the tests fail and email it to me, robbat2@gentoo.org.
oh, and all of the testcases do pass on my Core 2 Duo that runs ~amd64 as well as my ~ppc G5. On x86 I'm aware of a weird blip with mysql_client_test, but every other test passes fine, and I'm suspecting a testcase oddity there.
Robin, in alpha we also have the same problem as comment #10. I will mail you the result of the tests or we can open a new bug for this, as you prefer. Anyway, mysql works fine with my manual tests: mysql client connection and phpmyadmin, alpha stable.
yoswink: Please tar up that directory after the tests fail, and email it to me (I'm certain it will be over the bugzilla size limit).
FTR, I have all the same failures on my core2duo ~amd64 box.
roeland/yoswink/dang: Looking at the log that roeland sent me (specifically the ${S}/mysql-tests/var/log/master.err file), I see that MySQL is refusing to run for security reasons:
CURRENT_TEST: alias
070515 14:06:58 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
070515 14:06:58 [ERROR] Aborting
070515 14:06:58 [Note] /var/tmp/portage/dev-db/mysql-5.0.40/work/mysql/sql/mysqld: Shutdown complete
Could you confirm that all of you are using FEATURES=-userpriv, and change to using userpriv to see if things change for you?
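A triage sketch for the failure diagnosed in the comment above, as an added example that is not part of the thread or of Portage: it checks a test log for mysqld's run-as-root refusal and whether the FEATURES string enables userpriv. The function names (`has_userpriv`, `root_refusal`, `triage`) and verdict strings are hypothetical, and the FEATURES handling is a simplified model in which a later token overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the bug thread): triage a failed mysql-test run.

# has_userpriv FEATURES_STRING -> exit 0 if userpriv ends up enabled.
# Simplified model: a later token wins, and "-userpriv" disables it.
has_userpriv() {
    rc=1
    for tok in $1; do
        case "$tok" in
            userpriv)  rc=0 ;;
            -userpriv) rc=1 ;;
        esac
    done
    return $rc
}

# root_refusal LOGFILE -> exit 0 if the log holds mysqld's run-as-root abort.
root_refusal() {
    grep -q 'Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root' "$1"
}

# triage LOGFILE FEATURES_STRING -> prints one verdict word.
triage() {
    if root_refusal "$1"; then
        if has_userpriv "$2"; then
            echo root-refusal-despite-userpriv   # privileges not dropped for another reason
        else
            echo root-refusal-enable-userpriv    # tests ran as root: enable userpriv
        fi
    else
        echo other-failure                       # e.g. a single flaky test case
    fi
}

# Constructed sample: the master.err lines quoted in the comment above.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
CURRENT_TEST: alias
070515 14:06:58 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!
070515 14:06:58 [ERROR] Aborting
EOF

# FEATURES subset taken from the emerge --info output earlier in the thread.
triage "$sample_log" "collision-protect distlocks sandbox sfperms strict test"
rm -f "$sample_log"
```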
Yup it was disabled.
FEATURES=userpriv emerge mysql
This compiled fine and testing went OK. Running it now I can use it fine with phpmyadmin and with griffith that uses the database. So running good here on AMD64
(In reply to comment #16)
>
> Could you confirm that all of you are using FEATURES=-userpriv, and change to
> using userpriv to see if things change for you?
>
Confirmed, with FEATURES=userpriv all went fine, except one of the tests failed in alpha. This is the summary:
----
execution_constants [ fail ] 2013: 'Lost connection to MySQL server during query', instead of 0...
----
Seems like a temporary problem with database connection and nothing related with the test itself, so I think we can live with it. Thanks Robin and if you need any more info feel free to ask.
ppc stable
yoswink: could you try to run just that test again?
FEATURES='userpriv test' ebuild mysql-5.0.40.ebuild compile
cd ${S}/mysql-test
su -s /bin/sh -c './mysql-test-run.pl --force execution_constants' portage
If it still fails, tar up and email to me:
${S}/mysql-test/r/execution_constants*
${S}/mysql-test/var/
amd64 stable
This one is ready for GLSA decision. I vote YES.
Yes too
I'm very sorry but mysql-5.0.38 is not affected by this issue (I've just checked here). It was already fixed with GLSA 200705-11. See also http://secunia.com/advisories/25196/ which mentions exactly SA 25188
*** This bug has been marked as a duplicate of bug 171934 ***