Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 611314 (CVE-2017-3302) - [TRACKER] mysql: use-after-free in libmysqlclient.so
Summary: [TRACKER] mysql: use-after-free in libmysqlclient.so
Status: RESOLVED FIXED
Alias: CVE-2017-3302
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords: Tracker
Depends on: 611316 611318 611320
Blocks:
  Show dependency tree
 
Reported: 2017-03-01 19:29 UTC by Thomas Deutschmann
Modified: 2017-04-26 01:26 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2017-03-01 19:29:22 UTC
A use-after-free flaw was found in the MySQL client library (libmysqlclient.so). A malicious MySQL server could cause an application using the MySQL client library to crash.

Upstream bugs:

https://bugs.mysql.com/bug.php?id=70429
https://bugs.mysql.com/bug.php?id=63363

Upstream patch:

https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93