[debian-mysql] Bug#455737: CVE-2007-6304: DoS via mysql servers
steffen.joeris at skolelinux.de
Tue Dec 11 15:47:29 UTC 2007
The following CVE has been issued against mysql-dfsg-5.0.
The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23,
and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS
query, does not properly handle a response with a small number of
columns, which allows remote MySQL servers to cause a denial of service
(federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.
Prepared patch can be found here.
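The failure mode in the CVE text is a client that indexes into a remote reply without first checking how many columns it has. The following C code is an added example, not the prepared patch referenced above and not MySQL's own code: `remote_row`, `table_stats`, `parse_table_status` and the choice of which three columns are read are assumptions made for illustration, while the column positions follow the documented SHOW TABLE STATUS column order.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for one row of a remote server's reply: the column
 * count is whatever the peer sent, not what the client asked for. */
struct remote_row {
    size_t field_count;
    const char *const *fields;      /* field_count entries; NULL = SQL NULL */
};

struct table_stats { unsigned long long rows, avg_row_length, data_length; };

/* 0-based positions in the documented SHOW TABLE STATUS column order. */
enum { COL_ROWS = 4, COL_AVG_ROW_LENGTH = 5, COL_DATA_LENGTH = 6, MIN_COLUMNS = 7 };

/* Strict decimal parse: rejects NULL, empty, signed and trailing-garbage input. */
static int parse_u64(const char *s, unsigned long long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoull(s, &end, 10);
    return (*end == '\0' && errno == 0) ? 0 : -1;
}

/* Returns 0 and fills *out, or -1 (leaving *out untouched) if the reply is
 * too narrow or malformed. The width check comes before any indexing. */
int parse_table_status(const struct remote_row *row, struct table_stats *out)
{
    struct table_stats tmp;
    if (row == NULL || out == NULL || row->fields == NULL) return -1;
    if (row->field_count < MIN_COLUMNS) return -1;
    if (parse_u64(row->fields[COL_ROWS], &tmp.rows) != 0 ||
        parse_u64(row->fields[COL_AVG_ROW_LENGTH], &tmp.avg_row_length) != 0 ||
        parse_u64(row->fields[COL_DATA_LENGTH], &tmp.data_length) != 0)
        return -1;
    *out = tmp;
    return 0;
}

int main(void)
{
    /* Constructed reply that stops after two columns. */
    const char *const narrow[] = { "t1", "MyISAM" };
    struct remote_row row = { 2, narrow };
    struct table_stats st;
    printf("narrow reply -> %d\n", parse_table_status(&row, &st));
    return 0;
}
```

A rejected reply is reported to the caller as an ordinary error, so a misbehaving remote server costs one failed query rather than the handler or the daemon.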