Bug 611314 (CVE-2017-3302) - [TRACKER] mysql: use-after-free in libmysqlclient.so
Summary: [TRACKER] mysql: use-after-free in libmysqlclient.so
Status: RESOLVED FIXED
Alias: CVE-2017-3302
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords: Tracker
Depends on: 611316 611318 611320
Blocks:
Reported: 2017-03-01 19:29 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-04-26 01:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-01 19:29:22 UTC
A use-after-free flaw was found in the MySQL client library (libmysqlclient.so). A malicious MySQL server could cause an application using the MySQL client library to crash.

Upstream bugs:

https://bugs.mysql.com/bug.php?id=70429
https://bugs.mysql.com/bug.php?id=63363

Upstream patch:

https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93