Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2004-0957: several mysql bugs | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | kukuk, mls, patch-request, ro, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | CVE-2004-0957: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2004-0381:2.1:(AV:L/AC:L/Au:N/C:N/I:P/A:N) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | mysql-3.23.58-symlink.patch | ||
Description
Sebastian Krahmer
2004-10-12 17:35:22 UTC
...

fixed packages submitted for SL 8.1, 8.2, 9.0 and 9.1

CAN ids:

On 2004-10-14 Martin Schulze wrote:
> I have now received two more CVE Ids for the other two vulnerabilities that
> weren't fixed in our stable release.
>
> If you have a good channel to the upstream developers, please tell them
> about the CVE IDs and ask them to add a note to their bug tracking system
> that an id was assigned to a particular issue.

[some text removed]

> > > Crash with MATCH..AGAINST
> > > Bug: #3870 CAN-2004-0956
> > > Privilege Escalation in ALTER TABLE RENAME
> > > Bug: #3270 CAN-2004-0835
> > > Potential Memory Overrun With Compromised DNS Server
> > > Class: Denial of Service (crash but not exploitable with glibc they
> > > claim) Bug: #4017 CAN-2004-0836
> > > Privilege Escalation on GRANT ALL ON `Foo\_Bar`
> > > Bug: #3933 CAN-2004-0957
> > > Concurrent accesses to MERGE tables can result in crash
> > > Bug: #2408 CAN-2004-0837

-> incident manager

... for laufzettel creation

the fixes for CAN-2004-0957 and CAN-2004-0956 are missing AFAICS. The Mail
from Martin Schulze originally included:
> Crash with MATCH..AGAINST (denial of service)
>
> http://bugs.mysql.com/bug.php?id=3870
>
> Only affects mysql 4.0
>
> Privilege Escalation on GRANT ALL ON `Foo\_Bar`
>
> Changelog:
> Fixed bug in privilege checking where, under some conditions, one
> was able to grant privileges on the database, he has no privileges on.
>
> http://bugs.mysql.com/bug.php?id=3933
> http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1
>
> Does not only affect older versions than 4.0 as well.
I suggest refusing the submitted packages. I will submit new ones with the last two issues fixed.

Created attachment 25268
mysql-3.23.58-symlink.patch

While you are already at it ... I just saw that Red Hat has patched some tmp
file bugs (CAN-2004-0381 and CAN-2004-0388).

The packages are prepared (including comment #7). I'll submit them as soon as the incomplete ones have been rejected (and removed from /work/src/done).

copy them to mysql.newer or remove the old ones yourself.

... if you can't, you or I can write a mail to autobuild@suse.de

Done

Reopened by thomas@suse.de at Tue Oct 26 11:27:05 2004, took initial reporter krahmer@suse.de to cc

reopened for tracking.

/work/src/done/PATCHINFO/mysql.patch.maintained
/work/src/done/PATCHINFO/mysql.patch.box

I fixed the 9.1 checkin and submitted packages. It did not build due to one superfluous hunk in symlink.patch

I've fixed it as well right now ;-) Thanks anyway.

http://w2d.suse.de/abuildstat/patchinfo/pending/f5ecd541adc5f4196b358cebc212a5c5
http://w2d.suse.de/abuildstat/patchinfo/pending/3a84b4e78dcc8987da4d2325fb664642

packages approved

CVE-2004-0957: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)