[debian-mysql] Bug#455737: CVE-2007-6304: DoS via mysql servers
Steffen Joeris
steffen.joeris at skolelinux.de
Tue Dec 11 15:47:29 UTC 2007
Package: mysql-dfsg-5.0
Severity: important
Tags: security
Hi
The following CVE[0] has been issued against mysql-dfsg-5.0.
CVE-2007-6304:
The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23,
and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS
query, does not properly handle a response with a small number of
columns, which allows remote MySQL servers to cause a denial of service
(federated handler crash and daemon crash) via a response that lacks the
minimum required number of columns.
Prepared patch can be found here[1].
Cheers
Steffen
[0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6304
[1]: http://klecker.debian.org/~white/mysql/CVE-2007-6304.patch
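
The class of check the CVE text describes, as an added example in C. It is not the linked patch and not MySQL source code. The row model, all function names, and the MIN_FIELDS value are assumptions of this sketch; only the column positions follow the SHOW TABLE STATUS output order.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model of one SHOW TABLE STATUS row received from a remote
 * server: the peer, not the client, decides how many columns arrive. */
struct remote_row {
    unsigned int field_count;  /* columns actually present */
    const char **fields;       /* field_count entries; NULL means SQL NULL */
};
struct table_stats { unsigned long long rows, avg_row_length, data_length; };

/* Column positions in SHOW TABLE STATUS output. MIN_FIELDS is this example's
 * own minimum (highest index read + 1), not a value taken from the patch. */
enum { COL_ROWS = 4, COL_AVG_ROW_LENGTH = 5, COL_DATA_LENGTH = 6, MIN_FIELDS = 7 };

static int parse_u64(const char *s, unsigned long long *out)
{
    char *end;
    if (s == NULL) { *out = 0; return 0; }   /* SQL NULL: treat as 0 */
    if (*s < '0' || *s > '9') return -1;     /* reject sign, space, empty */
    errno = 0;
    *out = strtoull(s, &end, 10);
    return (errno != 0 || *end != '\0') ? -1 : 0;
}

/* Returns 0 and fills *out, or -1 if the row is too short or malformed. */
int read_table_stats(const struct remote_row *row, struct table_stats *out)
{
    /* Validate the column count before indexing any field. */
    if (row == NULL || row->fields == NULL || row->field_count < MIN_FIELDS)
        return -1;
    if (parse_u64(row->fields[COL_ROWS], &out->rows) != 0 ||
        parse_u64(row->fields[COL_AVG_ROW_LENGTH], &out->avg_row_length) != 0 ||
        parse_u64(row->fields[COL_DATA_LENGTH], &out->data_length) != 0)
        return -1;
    return 0;
}

/* Constructed sample: parse the first `sent` (at most 7) columns, as if the
 * remote stopped there. Returns the Rows value, or -1 if the row is rejected. */
long long demo_rows(unsigned int sent)
{
    static const char *cols[] = { "t1", "MyISAM", "10", "Fixed", "42", "7", "294" };
    struct remote_row r = { sent, cols };
    struct table_stats st;
    return read_table_stats(&r, &st) == 0 ? (long long)st.rows : -1;
}
int main(void) { return (demo_rows(7) == 42 && demo_rows(2) == -1) ? 0 : 1; }
```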