Bug 757258 - VUL-0: mysql: CVE-2012-2102: Server crash on HANDLER READ NEXT after DELETE
VUL-0: mysql: CVE-2012-2102: Server crash on HANDLER READ NEXT after DELETE
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michal Hrusecky
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2012-04-16 06:41 UTC by Sebastian Krahmer
Modified: 2012-08-16 14:36 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

innodb_bug13510739.test (472 bytes, text/plain)
2012-08-16 14:33 UTC, Marcus Meissner

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2012-04-16 06:41:24 UTC
Via oss-sec:

Date: Fri, 13 Apr 2012 19:58:25 +0200
From: Stefan Cornelius
To: oss-security


MySQL 5.5.22 fixed a denial of service flaw in the way MySQL processed
HANDLER READ NEXT statements after deleting a record. A remote,
authenticated MySQL user could use this flaw to cause mysqld
daemon abort.

[1] http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html
[2] https://bugs.gentoo.org/show_bug.cgi?id=411503

Upstream commit:

Red Hat bug:
Comment 1 Sebastian Krahmer 2012-04-16 06:41:51 UTC
Comment 2 Swamp Workflow Management 2012-04-16 22:00:17 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2012-04-17 07:05:10 UTC
The SWAMPID for this issue is 46787.
This issue was rated as moderate.
Please submit fixed packages until 2012-05-01.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Sebastian Krahmer 2012-04-17 07:07:03 UTC
we must take care to include bnc#756451  and bnc#677335 from planned
updates if possible
Comment 7 Marcus Meissner 2012-08-16 14:33:50 UTC
Created attachment 502541 [details]

Comment 8 Marcus Meissner 2012-08-16 14:36:36 UTC
SLE 10 and 11 with mysql 5.0.x appears not affected, this kind of syntax is likely not present.
I tried this testcase against sle11sp1, mysql-Max did not crash.

opensuse 12.1 has a newer 5.5. mysql-community-server version.

opensuse 11.4 has a 5.1 version, but its not that important.

so nothing to do.