Debian Bug report logs -
#706715
mysql-server: CVE-2013-1861: Denial of service via a crafted geometry feature
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 3 May 2013 16:03:07 UTC
Severity: important
Tags: security
Found in version mysql-5.5/5.5.30+dfsg-1.1
Fixed in version mysql-5.5/5.5.33+dfsg-1
Done: Clint Byrum <spamaps@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#706715
; Package mysql-server
.
(Fri, 03 May 2013 16:03:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>
:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Fri, 03 May 2013 16:03:11 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: mysql-server
Version: 5.5.30+dfsg-1.1
Severity: important
Tags: security
mysql> select astext(0x0100000000030000000100000000000010);
ERROR 2013 (HY000): Lost connection to MySQL server during query
More information: http://osvdb.org/91415
---
Henri Salo
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions mysql-5.1/5.1.66-0+squeeze1.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org
.
(Fri, 03 May 2013 16:09:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#706715
; Package mysql-server
.
(Tue, 14 May 2013 10:30:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon Frankenberger <simon@wf-hosting.de>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Tue, 14 May 2013 10:30:09 GMT) (full text, mbox, link).
Message #12 received at 706715@bugs.debian.org (full text, mbox, reply):
Issue can not be reproduced using latest mysql-server-5.1 on Squeeze:
>Server version: 5.1.66-0+squeeze1 (Debian)
>
>Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights
> reserved.
>
>Oracle is a registered trademark of Oracle Corporation and/or its
>affiliates. Other names may be trademarks of their respective
>owners.
>
>Type 'help;' or '\h' for help. Type '\c' to clear the current input
> statement.
>
>mysql> select astext(0x0100000000030000000100000000000010);
>>ERROR 5 (HY000): Out of memory (Needed 4026531856 bytes)
>mysql> SELECT 1;
>>+---+
>>| 1 |
>>+---+
>>| 1 |
>>+---+
>>1 row in set (0.00 sec)
Regards,
Simon
No longer marked as found in versions mysql-5.1/5.1.66-0+squeeze1.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org
.
(Sat, 15 Jun 2013 12:36:04 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Clint Byrum <spamaps-guest@alioth.debian.org>
to control@bugs.debian.org
.
(Sat, 10 Aug 2013 04:21:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#706715
; Package mysql-server
.
(Thu, 22 Aug 2013 07:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon Frankenberger <simon@wf-hosting.de>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Thu, 22 Aug 2013 07:18:04 GMT) (full text, mbox, link).
Message #21 received at 706715@bugs.debian.org (full text, mbox, reply):
Hi,
just testet this bug against latest 5.5 from wheezy,
this version is still affected:
------- SNIP -------
Server version: 5.5.31-0+wheezy1-log (Debian)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights
reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
mysql> select astext(0x0100000000030000000100000000000010);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> SELECT 1;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 1
Current database: *** NONE ***
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)
------- SNIP -------
Content of /var/log/mysql.err:
------- SNIP -------
07:02:08 UTC - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this
binary
or one of the libraries it was linked against is corrupt, improperly
built,
or misconfigured. This error can also be caused by malfunctioning
hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
key_buffer_size=2097152
read_buffer_size=131072
max_used_connections=6
max_threads=151
thread_count=4
connection_count=4
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads =
332346 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
Thread pointer: 0x7f30cc60e430
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f30b8846e80 thread_stack 0x30000
/usr/sbin/mysqld(my_print_stacktrace+0x29)[0x7f30ca615569]
/usr/sbin/mysqld(handle_fatal_signal+0x3d8)[0x7f30ca4fd748]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf030)[0x7f30c9caf030]
/usr/sbin/mysqld(_ZNK11Gis_polygon15get_data_as_wktEP6StringPPKc+0x100)[0x7f30ca5cb700]
/usr/sbin/mysqld(_ZN16Item_func_as_wkt13val_str_asciiEP6String+0x151)[0x7f30ca5515b1]
/usr/sbin/mysqld(_ZN13Item_str_func26val_str_from_val_str_asciiEP6StringS1_+0x17)[0x7f30ca55d577]
/usr/sbin/mysqld(_ZN4Item4sendEP8ProtocolP6String+0x3d)[0x7f30ca506f7d]
/usr/sbin/mysqld(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xc7)[0x7f30ca39f037]
/usr/sbin/mysqld(_ZN11select_send9send_dataER4ListI4ItemE+0x71)[0x7f30ca3da9e1]
/usr/sbin/mysqld(_ZN4JOIN4execEv+0x13f0)[0x7f30ca444750]
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x11d)[0x7f30ca43f60d]
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x174)[0x7f30ca4456d4]
/usr/sbin/mysqld(+0x320464)[0x7f30ca3fe464]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x1309)[0x7f30ca405189]
/usr/sbin/mysqld(+0x32a64e)[0x7f30ca40864e]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x193b)[0x7f30ca40a7cb]
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x105)[0x7f30ca4a49b5]
/usr/sbin/mysqld(handle_one_connection+0x50)[0x7f30ca4a4ad0]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x6b50)[0x7f30c9ca6b50]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f30c85eaa7d]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7f30cc68faa0): select
astext(0x0100000000030000000100000000000010)
Connection ID (thread ID): 12
Status: NOT_KILLED
------- SNIP -------
Regards,
Simon
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#706715
; Package mysql-server
.
(Thu, 22 Aug 2013 08:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to "Norvald H. Ryeng" <norvald.ryeng@oracle.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Thu, 22 Aug 2013 08:54:04 GMT) (full text, mbox, link).
Message #26 received at 706715@bugs.debian.org (full text, mbox, reply):
This bug is fixed in MySQL 5.1.70, 5.5.32 and 5.6.12, cf. the July CPU.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
:
Bug#706715
; Package mysql-server
.
(Thu, 22 Aug 2013 16:09:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Clint Byrum <clint@ubuntu.com>
:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
.
(Thu, 22 Aug 2013 16:09:09 GMT) (full text, mbox, link).
Message #31 received at 706715@bugs.debian.org (full text, mbox, reply):
Excerpts from Norvald H. Ryeng's message of 2013-08-22 01:24:19 -0700:
> This bug is fixed in MySQL 5.1.70, 5.5.32 and 5.6.12, cf. the July CPU.
>
Right, working on 5.5.33 packages now, but dealing with a test failure.
Reply sent
to Clint Byrum <spamaps@debian.org>
:
You have taken responsibility.
(Fri, 27 Sep 2013 01:51:09 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>
:
Bug acknowledged by developer.
(Fri, 27 Sep 2013 01:51:09 GMT) (full text, mbox, link).
Message #36 received at 706715-close@bugs.debian.org (full text, mbox, reply):
Source: mysql-5.5
Source-Version: 5.5.33+dfsg-1
We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 706715@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Byrum <spamaps@debian.org> (supplier of updated mysql-5.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 26 Sep 2013 09:14:47 -0700
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.33+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Clint Byrum <spamaps@debian.org>
Description:
libmysqlclient-dev - MySQL database development files
libmysqlclient18 - MySQL database client library
libmysqld-dev - MySQL embedded database development files
libmysqld-pic - PIC version of MySQL embedded server development files
mysql-client - MySQL database client (metapackage depending on the latest versio
mysql-client-5.5 - MySQL database client binaries
mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server - MySQL database server (metapackage depending on the latest versio
mysql-server-5.5 - MySQL database server binaries and system database setup
mysql-server-core-5.5 - MySQL database server binaries
mysql-source-5.5 - MySQL source
mysql-testsuite-5.5 - MySQL testsuite
Closes: 678252 706715 707280 712730 719196
Changes:
mysql-5.5 (5.5.33+dfsg-1) unstable; urgency=low
.
* d/rules, d/control: Remove gcc-4.4 dependency and disable X86
assembly in taocrypt. (Closes: #707280) (Closes: #678252)
* d/patches/fix-mips64el-ftbfs.patch: Fix FTBFS on mips64el.
(Closes: #719196) Thanks YunQuiang Su.
* New upstream release.
SECURITY UPDATE: CVE-2013-1861 CVE-2013-3783 CVE-2013-3793
CVE-2013-3804 CVE-2013-3802 CVE-2013-3809 CVE-2013-3812
(Closes: #706715) (Closes: #712730)
* d/patches/work_around_failing_rpl_deadlock.patch: Test suite
changes upstream have left some connections active. This
patch fixes that. Thanks Kristian Nielsen!
* d/patches/fix-racey-rpltests.patch: Fix from Oracle for failing
tests.
Checksums-Sha1:
35fc1f7c8b4f09b3ca2f341effc8b41e0813cde2 2566 mysql-5.5_5.5.33+dfsg-1.dsc
21da4790c6bb6fa1d2acdbe270c671b5d3bac9d2 21279667 mysql-5.5_5.5.33+dfsg.orig.tar.gz
8bc4abb16990c695eb9b2e83f33f73163e4b04f5 307361 mysql-5.5_5.5.33+dfsg-1.debian.tar.gz
87e9a6a3723e235982dabe501b75f5ac34eb5e02 79386 mysql-common_5.5.33+dfsg-1_all.deb
723f234fb05c1915e0e96fe66c86dcec035158aa 77656 mysql-server_5.5.33+dfsg-1_all.deb
46a0cd08ba3683ea2a66982b5dba08aa5d29f9da 77528 mysql-client_5.5.33+dfsg-1_all.deb
82f5ee0afea1649aebf0a93c3d72be1f47a2d624 673208 libmysqlclient18_5.5.33+dfsg-1_amd64.deb
3603839f228d6d6550101322502098efb3762d67 3165026 libmysqld-pic_5.5.33+dfsg-1_amd64.deb
a3a4e35f42170c1d36c4187fe2b045c6a255c68b 3163218 libmysqld-dev_5.5.33+dfsg-1_amd64.deb
939b7ad03957207c1972db7f67aeb4b9007363ed 945798 libmysqlclient-dev_5.5.33+dfsg-1_amd64.deb
b2cdd6d39f455cb076923e4af4bff3fe4533e70d 1837902 mysql-client-5.5_5.5.33+dfsg-1_amd64.deb
754f1c6d1fd986c9ba7bad47b6fa897ff35e934c 3789848 mysql-server-core-5.5_5.5.33+dfsg-1_amd64.deb
407a63723dc9802e3fa46ba3a4a85d1ea3359ae9 1800260 mysql-server-5.5_5.5.33+dfsg-1_amd64.deb
000d8f28bcd5e17e77541fb046813e791457116d 4258552 mysql-testsuite-5.5_5.5.33+dfsg-1_amd64.deb
830efae4e5c9f36394db27644594103f56accfe1 22791016 mysql-source-5.5_5.5.33+dfsg-1_amd64.deb
Checksums-Sha256:
a822f044f6627df3c9e1029af8c82f66eb06052d83a48e099d8a3c4b125f7ba5 2566 mysql-5.5_5.5.33+dfsg-1.dsc
d7b2653099791a036d4d77111de741d0419ff51e271ca66b83346ab378048a81 21279667 mysql-5.5_5.5.33+dfsg.orig.tar.gz
0de84b638602239145b23b0259c858d218cc9d90ddc6a30ac2cd452e7e38d538 307361 mysql-5.5_5.5.33+dfsg-1.debian.tar.gz
6db964e80ba04f89b5d478df1cb87023d80a6705eee9c76b4e86244b4d907e29 79386 mysql-common_5.5.33+dfsg-1_all.deb
18f50141a266c91372e640b15ea28a0d1d6ad7975d94dd45790abf675ae55f5b 77656 mysql-server_5.5.33+dfsg-1_all.deb
52eb6b977bb09041ceb30b309d8c9b6f90f610e2fb42a570a0518671d1de5838 77528 mysql-client_5.5.33+dfsg-1_all.deb
8a0032d8da2131a5ae61d0e02b8d11f057a3860b71c2be1b91313099c19c7385 673208 libmysqlclient18_5.5.33+dfsg-1_amd64.deb
6ca589d2b24bc65a4d01943f0c52d0986d950708f714d0785935870780fba9ff 3165026 libmysqld-pic_5.5.33+dfsg-1_amd64.deb
33122a96254845ab68dce1b96b8bde3aa3954ebaf71c42c6dce7266ff75bef42 3163218 libmysqld-dev_5.5.33+dfsg-1_amd64.deb
3814e1173f1192603356ce21a33de4cb060f7f07703f4ff192d51aade8ba298b 945798 libmysqlclient-dev_5.5.33+dfsg-1_amd64.deb
55f19bd46bf34411003f2110250a90f710c056ed4af5a852705573e45be50240 1837902 mysql-client-5.5_5.5.33+dfsg-1_amd64.deb
5e673a4f6796a95ea1394b64efcb1a9249af8e54c8e82b8309f32847a863db26 3789848 mysql-server-core-5.5_5.5.33+dfsg-1_amd64.deb
2031a845486689dfba1100c76207c7347e557371b67a7926b8d985fe7ba42997 1800260 mysql-server-5.5_5.5.33+dfsg-1_amd64.deb
daf744ebb3d3246ff6117bd5f293afa05612a8b4d9e8ae78e5d950a84eacda67 4258552 mysql-testsuite-5.5_5.5.33+dfsg-1_amd64.deb
09c5fb0433bbec8449568ee7b447c7be3f42aad19f89f78b35a898790bb483f5 22791016 mysql-source-5.5_5.5.33+dfsg-1_amd64.deb
Files:
3e3de2ed920029846cd9fbcaf720f0d3 2566 database optional mysql-5.5_5.5.33+dfsg-1.dsc
f35902e01453dd7eedb2a647c69b39ec 21279667 database optional mysql-5.5_5.5.33+dfsg.orig.tar.gz
ee02d009625acbab242e111d7f0803ae 307361 database optional mysql-5.5_5.5.33+dfsg-1.debian.tar.gz
7a2405684f22aa585baf29f58fd40f5e 79386 database optional mysql-common_5.5.33+dfsg-1_all.deb
c855e0ad567090132122f9cc76246c1e 77656 database optional mysql-server_5.5.33+dfsg-1_all.deb
a85b53bea30d8865f722548f5dde2cb5 77528 database optional mysql-client_5.5.33+dfsg-1_all.deb
5bae53a025cd5be0c8e16eda6e5fc286 673208 libs optional libmysqlclient18_5.5.33+dfsg-1_amd64.deb
eb22899877e9c0a33bc62f4e6b09fa81 3165026 libdevel optional libmysqld-pic_5.5.33+dfsg-1_amd64.deb
2773fae84185bc5601137862251842ce 3163218 libdevel optional libmysqld-dev_5.5.33+dfsg-1_amd64.deb
67d7aa8c2d73cf1a54386335f23dc740 945798 libdevel optional libmysqlclient-dev_5.5.33+dfsg-1_amd64.deb
273dcffd362dd3cf6c18fac79b8255e9 1837902 database optional mysql-client-5.5_5.5.33+dfsg-1_amd64.deb
75b3be34c70af9d028a50ef29f1cc39b 3789848 database optional mysql-server-core-5.5_5.5.33+dfsg-1_amd64.deb
141cd7e448d0fa25b692c16683451569 1800260 database optional mysql-server-5.5_5.5.33+dfsg-1_amd64.deb
3bebb842b48228968e1b775ba3730406 4258552 database optional mysql-testsuite-5.5_5.5.33+dfsg-1_amd64.deb
7208202ea5d5e2f33dabda200b88fe3d 22791016 database optional mysql-source-5.5_5.5.33+dfsg-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQEcBAEBAgAGBQJSRN/AAAoJEFOMB2b0vLOOSQ8IAKqxmdQATUpW90opcv+l+NLc
1/bgwujiutqhYQ6EOng52PO4Nt81xpXREIHP5UTSEnmVTSp6cSwQrVqMiQgAnPdo
srw0BjcrNJ7KGA2V3xYuLuFoq2khdJtM7rinYXpxsbDeHRUOCO0vLJMYRJdoctHi
1e2k15v7DwRvCFjqGjv5bf7LlhzFsFMuWliFV1bl/hRGFNVHxBvT8Xpa6L7Zl/dG
BtQDZqz2OJ5bBbUANsVMn/B9rvs50eccEK8zLCNJTye57Xu7JKHXY8ZXhdnIQp6M
5TThRqsDHn2vnF6CwG9Cpoz5khrMvch4nTqqLUw2Edk8Z6e1dXJG7Fl0qqJT+rU=
=dr4Y
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 06 Nov 2013 07:28:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:09:35 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.