Package: mysql-dfsg-4.1
Version: 4.1.12-1 (not installed)
Severity: grave
Tags: security patch
MySQL bundles a copy of zlib, which is vulnerable to DoS and potential
arbitrary code execution due to a buffer overflow in the inflate function.
This is fixed in latest 4.1.13 upstream or in the Bitkeeper patch I've
attached. Please refer to CAN-2005-2096 in the changelog when fixing this.
MySQL 4.0 is not affected as it uses a non-vulnerable version of zlib.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.30-univention.2 #1 SMP Thu May 12 13:53:52 CEST 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
--- Begin Message ---
Below is the list of changes that have just been committed into a local
4.1 repository of jimw. When jimw does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.2335 05/07/11 10:37:21 [EMAIL PROTECTED] +1 -0
Apply security patch to bundled zlib for CAN-2005-2096. (Bug #11844)
zlib/inftrees.c
1.4 05/07/11 09:55:03 [EMAIL PROTECTED] +1 -1
Apply security patch for CAN-2005-2096
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: jimw
# Host: rama.(none)
# Root: /home/jimw/my/mysql-4.1-11844
--- 1.3/zlib/inftrees.c 2005-03-23 12:08:04 -08:00
+++ 1.4/zlib/inftrees.c 2005-07-11 09:55:03 -07:00
@@ -134,7 +134,7 @@
left -= count[len];
if (left < 0) return -1; /* over-subscribed */
}
- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
+ if (left > 0 && (type == CODES || max != 1))
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
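Review bot: The new `max != 1` test in the incomplete-set check has no comment saying which case it is meant to let through. As written, a set with `left > 0` is rejected for every non-CODES table unless `max` is 1, where the old test `codes - count[0] != 1` instead looked at how many symbols had a nonzero length. A one-line comment stating the intended exception would make the fix auditable. `max` is assigned outside this hunk, so confirm it is already final at this point. The changeset touches only zlib/inftrees.c, so consider adding a regression input for Bug #11844 alongside it.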
--- End Message ---