[Secure-testing-team] Bug#498362: mysql-common: DoS via empty bit-string literal (b'')

Steffen Joeris steffen.joeris at skolelinux.de
Tue Sep 9 12:45:53 UTC 2008


Package: mysql-common
Version: 5.0.51a-12
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

MySQL upstream changelog says:

An empty bit-string literal (b'') caused a server crash. Now the value  
is parsed as an empty bit value (which is treated as an empty string
in string context or 0 in numeric context). (Bug#35658)

You'll find more information and a patch at the MySQL upstream bug report [0].

A CVE ID has been requested and I'll forward it once it has been issued.

Cheers
Steffen

[0]: http://bugs.mysql.com/bug.php?id=35658
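
The behaviour the changelog describes for the fixed server (an empty b'' becomes an empty bit value: zero bytes in string context, 0 in numeric context) can be sketched as follows. This is an added example, not MySQL's code or the upstream patch; the function names and the 64-bit cap are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: convert the characters between the quotes of a
 * b'...' literal into big-endian bytes, right-aligned.
 * Returns the byte count, or -1 on a bad digit, more than 64 bits
 * (cap assumed for this sketch), or an output buffer that is too small.
 * The empty literal is valid and yields 0 bytes. */
int bit_literal_to_bytes(const char *bits, size_t nbits,
                         uint8_t *out, size_t outcap)
{
    if (nbits > 64)
        return -1;
    size_t nbytes = (nbits + 7) / 8;      /* 0 for b'' */
    if (nbytes > outcap)
        return -1;
    if (nbytes == 0)
        return 0;   /* empty bit value: never index bits[] or out[] */

    memset(out, 0, nbytes);
    for (size_t i = 0; i < nbits; i++) {  /* i = bit index from the right */
        char c = bits[nbits - 1 - i];
        if (c != '0' && c != '1')
            return -1;
        if (c == '1')
            out[nbytes - 1 - i / 8] |= (uint8_t)(1u << (i % 8));
    }
    return (int)nbytes;
}

/* Numeric context: fold the bytes into an integer; zero bytes give 0. */
uint64_t bit_value_to_uint(const uint8_t *buf, size_t nbytes)
{
    uint64_t v = 0;
    for (size_t i = 0; i < nbytes && i < 8; i++)
        v = (v << 8) | buf[i];
    return v;
}
```

The zero-length case is handled before any index arithmetic, so expressions such as `nbytes - 1` are never evaluated for an empty literal.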