ports/129978: [vuxml] MySQL: document CVE-2008-3963
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Sat Dec 27 18:10:05 UTC 2008
>Number: 129978
>Category: ports
>Synopsis: [vuxml] MySQL: document CVE-2008-3963
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 27 18:10:04 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-PRERELEASE amd64
>Description:
It was found that the sequence "b''" in the client's request will
crash MySQL server.
>How-To-Repeat:
http://bugs.mysql.com/bug.php?id=35658
>Fix:
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="57dd3c55-d410-11dd-9f32-001fc66e7203">
<topic>mysql -- Denial of Service for authorized clients</topic>
<affects>
<package>
<name>mysql-server</name>
<range><ge>5.0</ge><lt>5.0.66</lt></range>
<range><ge>5.1</ge><lt>5.1.26</lt></range>
<range><ge>6.0</ge><lt>6.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kay Roepke reports:</p>
<blockquote
cite="http://bugs.mysql.com/bug.php?id=35658">
<p>Using an empty binary value leads to server crash in
Item_bin_string::Item_bin_string</p>
<p>How to repeat: From a mysql client do "select b'';". The
server crashes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-3963</cvename>
<url>http://bugs.mysql.com/bug.php?id=35658</url>
<url>http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html</url>
<url>http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html</url>
<url>http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html</url>
</references>
<dates>
<discovery>28-03-2008</discovery>
<entry>TODAY</entry>
</dates>
</vuln>
--- vuln.xml ends here ---
All current versions of MySQL in the FreeBSD ports tree are up-to-date
in respect to the described issue.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list