Bug 500260 (CVE-2014-0001) - <dev-db/mysql-5.5.39: Buffer Overflow Vulnerability (CVE-2014-0001)
Summary: <dev-db/mysql-5.5.39: Buffer Overflow Vulnerability (CVE-2014-0001)
Status: RESOLVED FIXED
Alias: CVE-2014-0001
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/52161/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-04 10:40 UTC by Agostino Sarubbo
Modified: 2014-09-04 08:48 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2014-02-04 10:40:55 UTC
From ${URL} :

Description

A vulnerability has been reported in MySQL, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within MySQL client in the "main()" function when processing received server information (client/mysql.cc) and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into connecting to a malicious server.


Solution:
No official solution is currently available.

Provided and/or discovered by:
Garth Mollett in a bug report.

Original Advisory:
Garth Mollett:
https://bugzilla.redhat.com/show_bug.cgi?id=1054592


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-17 23:17:00 UTC
This issue is fixed in 5.5.37: from http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html : "While printing the server version, the mysql client did not check for buffer overflow in a string variable. (Bug #18186103)"

The issue was introduced in 5.1.34 c.f. https://bugzilla.redhat.com/show_bug.cgi?id=1054592#c24

I don't see any current fix for the 5.1 branch, but it might be possible to backport the patch from https://bugzilla.redhat.com/attachment.cgi?id=854008&action=diff 

@maintainers: Please advise what you think is the appropriate way forward; stabilization of 5.5.37-r1 or backport of the patch to the 5.1 series?
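The release note quoted above describes the defect as a missing buffer-overflow check while printing the server version string. The following C snippet is an added illustration of that class of bug and its fix; it is not code from mysql.cc, the Red Hat patch, or this bug, and the buffer size, function names and the "Server version:" prefix are assumptions chosen for the example. It shows the unchecked copy pattern beside a bounded formatter whose return value tells the caller when a server-supplied string would not have fit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size banner buffer. The size is an assumption for illustration;
 * the real size used by the mysql client is not stated on this page. */
#define VERSION_BUF_LEN 64

/* The defective pattern: a version string received from the server is
 * formatted into a fixed buffer with no length limit. This function is
 * deliberately never called below; it exists only for contrast. */
void print_server_version_unchecked(const char *server_version)
{
    char buf[VERSION_BUF_LEN];
    sprintf(buf, "Server version: %s", server_version); /* no bound check */
    puts(buf);
}

/* The bounded form: snprintf never writes more than out_len bytes and
 * always NUL-terminates. Returns true if the whole banner fit, false if it
 * was truncated, i.e. if the unchecked form would have overflowed. */
bool format_server_version(const char *server_version,
                           char *out, size_t out_len)
{
    int needed = snprintf(out, out_len, "Server version: %s", server_version);
    return needed >= 0 && (size_t)needed < out_len;
}

/* Builds a constructed over-long version string of n 'A' characters, standing
 * in for what an untrusted server might send. dst must hold n + 1 bytes. */
void make_long_version(char *dst, size_t n)
{
    memset(dst, 'A', n);
    dst[n] = '\0';
}

int main(void)
{
    char out[VERSION_BUF_LEN];
    char long_version[513];

    make_long_version(long_version, 512);
    if (!format_server_version(long_version, out, sizeof out))
        puts("server version string truncated (unchecked copy would overflow)");
    else
        puts(out);

    if (format_server_version("5.5.39-log", out, sizeof out))
        puts(out);
    return 0;
}
```

The point of returning the truncation status rather than silently clipping is that a client can then log or refuse a banner that does not fit, which is the boundary decision the unchecked version never makes.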
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 20:59:05 UTC
CVE-2014-0001 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0001):
  Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35
  allows remote database servers to cause a denial of service (crash) and
  possibly execute arbitrary code via a long server version string.
Comment 3 Sergey Popov gentoo-dev 2014-09-04 07:11:20 UTC
Added to existing GLSA request
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-09-04 08:48:38 UTC
This issue was resolved and addressed in
GLSA 201409-04 at http://security.gentoo.org/glsa/glsa-201409-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).