Debian Bug report logs - #498362
mysql-common: DoS via empty bit-string literal (b'')

version graph

Package: mysql-common; Maintainer for mysql-common is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>; Source for mysql-common is src:mysql-5.5.

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Tue, 9 Sep 2008 12:51:08 UTC

Severity: grave

Tags: patch, security

Found in version mysql-dfsg-5.0/5.0.51a-12

Fixed in version mysql-dfsg-5.0/5.0.51a-15

Done: Norbert Tretkowski <nobse@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#498362; Package mysql-common. Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-common: DoS via empty bit-string literal (b'')
Date: Tue, 09 Sep 2008 22:45:53 +1000
Package: mysql-common
Version: 5.0.51a-12
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

Mysql upstream changelog says:

An empty bit-string literal (b'') caused a server crash. Now the value  
is parsed as an empty bit value (which is treated as an empty string
in string context or 0 in numeric context). (Bug#35658)

You'll find more information and a patch at the mysql upstream bugreport[0]

A CVE id has been requested and I'll forward it, once it got issued.

Cheers
Steffen

[0]: http://bugs.mysql.com/bug.php?id=35658




Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#498362; Package mysql-common. Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 498362@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 498362@bugs.debian.org
Subject: CVE id for mysql
Date: Sun, 14 Sep 2008 20:35:02 +1000
[Message part 1 (text/plain, inline)]
Hi

This issue is now being tracked as CVE-2008-3963.
Please mention the CVE id in the changelog, when you fix this bug.

Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]

Tags added: pending Request was from Norbert Tretkowski <nobse@alioth.debian.org> to control@bugs.debian.org. (Sun, 14 Sep 2008 16:36:03 GMT) Full text and rfc822 format available.

Reply sent to Norbert Tretkowski <nobse@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 498362-close@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <nobse@debian.org>
To: 498362-close@bugs.debian.org
Subject: Bug#498362: fixed in mysql-dfsg-5.0 5.0.51a-15
Date: Mon, 15 Sep 2008 10:17:16 +0000
Source: mysql-dfsg-5.0
Source-Version: 5.0.51a-15

We believe that the bug you reported is fixed in the latest version of
mysql-dfsg-5.0, which is due to be installed in the Debian FTP archive:

libmysqlclient15-dev_5.0.51a-15_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-15_amd64.deb
libmysqlclient15off_5.0.51a-15_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-15_amd64.deb
mysql-client-5.0_5.0.51a-15_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-15_amd64.deb
mysql-client_5.0.51a-15_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-15_all.deb
mysql-common_5.0.51a-15_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-15_all.deb
mysql-dfsg-5.0_5.0.51a-15.diff.gz
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-15.diff.gz
mysql-dfsg-5.0_5.0.51a-15.dsc
  to pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-15.dsc
mysql-server-5.0_5.0.51a-15_amd64.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-15_amd64.deb
mysql-server_5.0.51a-15_all.deb
  to pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-15_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 498362@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <nobse@debian.org> (supplier of updated mysql-dfsg-5.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 14 Sep 2008 18:27:46 +0200
Source: mysql-dfsg-5.0
Binary: libmysqlclient15off libmysqlclient15-dev mysql-common mysql-client-5.0 mysql-server-5.0 mysql-server mysql-client
Architecture: source all amd64
Version: 5.0.51a-15
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description: 
 libmysqlclient15-dev - MySQL database development files
 libmysqlclient15off - MySQL database client library
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.0 - MySQL database client binaries
 mysql-common - MySQL database common files
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.0 - MySQL database server binaries
Closes: 498362
Changes: 
 mysql-dfsg-5.0 (5.0.51a-15) unstable; urgency=high
 .
   * SECURITY:
     Fix for CVE-2008-3963: An empty bit-string literal (b'') caused a server
     crash. Now the value is parsed as an empty bit value (which is treated as
     an empty string in string context or 0 in numeric context).
     (closes: #498362)
Checksums-Sha1: 
 0073ff2a9215953ea58a62926e96afb10de62b58 1709 mysql-dfsg-5.0_5.0.51a-15.dsc
 6843d46a770197e1097f3ebbc49056975a9e6d2f 306451 mysql-dfsg-5.0_5.0.51a-15.diff.gz
 47008391432d81ebfd80c5ba4ceb76b4ce7bdc7c 59586 mysql-common_5.0.51a-15_all.deb
 da828a066a9f9f4bbb61c50fbdc3017a04af8572 53946 mysql-server_5.0.51a-15_all.deb
 07e674243a4de24b7ff2fe975a1691a4c70a7bf3 51750 mysql-client_5.0.51a-15_all.deb
 fdeed1d8796efc8129ddf698b403bd448c1d8ef6 1904290 libmysqlclient15off_5.0.51a-15_amd64.deb
 41dc8863a2cd733d129054682a32e704c79fac56 7583820 libmysqlclient15-dev_5.0.51a-15_amd64.deb
 2d8c9958966262e5d658ee964682b766477c30a8 8205240 mysql-client-5.0_5.0.51a-15_amd64.deb
 ce311db05b15877ceb7a59fc9459427ff5ca52b8 27153288 mysql-server-5.0_5.0.51a-15_amd64.deb
Checksums-Sha256: 
 0e693280e219f435c0c687101e78127b49d65c6982d909091b7d02518fb70ace 1709 mysql-dfsg-5.0_5.0.51a-15.dsc
 acc5cc557c1a4f5dcecffd6b6994de58cd53f00b2a2369f1cfd5d10c37f5839b 306451 mysql-dfsg-5.0_5.0.51a-15.diff.gz
 1e7efeddaf532bb1c17af0f7810de926ccff6004fc5b9f1898790249265ab30b 59586 mysql-common_5.0.51a-15_all.deb
 737b1201e2d38abadf744e49bca88c9985c7560af4785a97a6dc7bd59d4a9e65 53946 mysql-server_5.0.51a-15_all.deb
 8a3730faa6d536806618c8c9ce0902630351aac94ad8d990ffc2fe7225fe2275 51750 mysql-client_5.0.51a-15_all.deb
 1b10b741c5a159a2fd56cb291a23f4e3b714aa08bcdadb400dc53c68d0412dc1 1904290 libmysqlclient15off_5.0.51a-15_amd64.deb
 19d57bc4eda96f4f8f747a1f945f41ad5935192967204a74a48bbc85ad2ace49 7583820 libmysqlclient15-dev_5.0.51a-15_amd64.deb
 62e139ce670df97cc80244a202086d2e2c12e6b8d7ececad6591f069989855d2 8205240 mysql-client-5.0_5.0.51a-15_amd64.deb
 f7a8d8cb77282aa7b26c633fefcd6b05a87965de38bc6ed78978ef1ee0b9cee7 27153288 mysql-server-5.0_5.0.51a-15_amd64.deb
Files: 
 a4b37cda3c50b361b15305852de41277 1709 misc optional mysql-dfsg-5.0_5.0.51a-15.dsc
 69f80e566d21804c53f899bb42cfe448 306451 misc optional mysql-dfsg-5.0_5.0.51a-15.diff.gz
 ff8863ac1b3ecba7b33c81f323403ef7 59586 misc optional mysql-common_5.0.51a-15_all.deb
 aa6c8cc002248e8742154bde4e431769 53946 misc optional mysql-server_5.0.51a-15_all.deb
 ccf2d845674c399ad1a3d30e7c9dcc62 51750 misc optional mysql-client_5.0.51a-15_all.deb
 8ec66c2cb2642b152b927d8c03025579 1904290 libs optional libmysqlclient15off_5.0.51a-15_amd64.deb
 df8d3c2b31ae94153c3a41bceb659438 7583820 libdevel optional libmysqlclient15-dev_5.0.51a-15_amd64.deb
 8101d5516b7e4cc9a378f23a694370ee 8205240 misc optional mysql-client-5.0_5.0.51a-15_amd64.deb
 d41f51d3d1efaac04148f4ad76b4188e 27153288 misc optional mysql-server-5.0_5.0.51a-15_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIzjEir/RnCw96jQERApaLAKCVHU8nVwgU2l0+azWcWmPvphRx7ACgjIm6
ewsx9z/kbzm0/wU2Zg2fp/w=
=KOgA
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 14 Oct 2008 07:31:56 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:24:04 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.