[v2.5] MySQL: multiple vulnerabilities
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allow remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
•MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/
•URL: http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
•MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld
•URL: http://seclists.org/oss-sec/2013/q1/671
•MISC: https://bugzilla.redhat.com/show_bug.cgi?id=919247
•CONFIRM: https://mariadb.atlassian.net/browse/MDEV-4252
•CONFIRM: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
•SUSE:SUSE-SU-2013:1390
•URL: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html
•SUSE:openSUSE-SU-2013:1335
•URL: http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html
•SUSE:openSUSE-SU-2013:1410
•URL: http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html
•SUSE:SUSE-SU-2013:1529
•URL: http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html
•UBUNTU:USN-1909-1
•URL: http://www.ubuntu.com/usn/USN-1909-1
•BID:58511
•URL: http://www.securityfocus.com/bid/58511
•OSVDB:91415
•URL: http://www.osvdb.org/91415
•SECUNIA:52639
•URL: http://secunia.com/advisories/52639
•SECUNIA:54300
•URL: http://secunia.com/advisories/54300
•XF:mysql-mariadb-cve20131861-dos(82895)
•URL: http://xforce.iss.net/xforce/xfdb/82895
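The description above concerns a point count in a geometry's binary form that is not checked correctly against the data actually supplied. The following C sketch is an added example, not MariaDB or MySQL code: it validates a WKB LineString header and contrasts a bounds check whose 32-bit product can wrap with a division-based check that cannot. The wraparound is an assumed form of the "numeric calculation error" (the issue text does not give the exact arithmetic), and all function names and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WKB_HEADER 9u       /* 1 byte order + 4 type + 4 point count */
#define POINT_SIZE 16u      /* two IEEE-754 doubles: x, y */
#define WKB_LINESTRING 2u

/* Read a 32-bit value in the byte order named by the WKB header. */
static uint32_t rd32(const uint8_t *p, int little) {
    return little ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
                  : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/* Flawed check (assumed form of the error): the product wraps modulo 2^32,
   so a huge declared count can appear to fit in a short buffer. */
int count_fits_wrapping(uint32_t n_points, size_t payload_len) {
    uint32_t need = n_points * POINT_SIZE;   /* wraps for n_points >= 2^28 */
    return need <= payload_len;
}

/* Hardened check: divide instead of multiply, so nothing can wrap. */
int count_fits_safe(uint32_t n_points, size_t payload_len) {
    return n_points <= payload_len / POINT_SIZE;
}

/* Validate a WKB LineString; returns the point count, or -1 if malformed. */
long wkb_linestring_points(const uint8_t *buf, size_t len) {
    if (len < WKB_HEADER || buf[0] > 1) return -1;
    int little = buf[0] == 1;
    if (rd32(buf + 1, little) != WKB_LINESTRING) return -1;
    uint32_t n = rd32(buf + 5, little);
    if (!count_fits_safe(n, len - WKB_HEADER)) return -1;
    return (long)n;
}

/* Constructed samples: little-endian header followed by 16 payload bytes. */
static const uint8_t SAMPLE_OK[25]  = {1, 2,0,0,0, 1,0,0,0};      /* 1 point */
static const uint8_t SAMPLE_BAD[25] = {1, 2,0,0,0, 0,0,0,0x10};   /* declares 2^28 points */

int main(void) {
    printf("ok=%ld bad=%ld wrapping_check_accepts_bad=%d\n",
           wkb_linestring_points(SAMPLE_OK, sizeof SAMPLE_OK),
           wkb_linestring_points(SAMPLE_BAD, sizeof SAMPLE_BAD),
           count_fits_wrapping(0x10000000u, 16));
    return 0;
}
```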
(from redmine: issue id 2502, created on 2013-12-17, closed on 2014-01-15)
- Relations:
- parent #2500 (closed)
- Changesets:
- Revision bf19353d on 2013-12-17T15:57:02Z:
main/mysql: security upgrade to 5.5.25 (CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812, CVE-2013-3839, CVE-2013-5807). Fixes #2502