Your message dated Wed, 30 Aug 2006 23:05:18 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#375694: fixed in mysql-dfsg-4.1 4.1.11a-4sarge5 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: mysql-server-4.1
Version: 4.1.11a-4sarge4
Severity: maybe critical
The bug can be reproduced by entering the following SQL code:
select date_format('%Y-%m-%d %H:%i:%s', 1151414896);
It's not correct SQL, and I expect a syntax error, but it should not crash the server!
I think it can be simplified to:
select date_format('%d%s', 1);
I tried on different machines:
Debian GNU/Linux 3.1, mysql-server-4.1 4.1.11a-4sarge4
Linux skool 2.6.11 #2 SMP Thu May 26 20:53:11 CEST 2005 i686 GNU/Linux
Debian GNU/Linux 3.0, mysql-server-4.1 4.1.11a-4sarge4
Linux KSKO04 2.4.23-xfs #1 SMP Mi Dez 10 22:25:03 CET 2003 i686 GNU/Linux
Sample Run:
[EMAIL PROTECTED]:~$ mysql -u root -h 192.168.1.104
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 219 to server version: 4.1.11-Debian_4sarge2-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select date_format('%Y-%m-%d %H:%i:%s', 1151414896);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> select date_format('%Y-%m-%d %H:%i:%s', 1151414896);
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 1
Current database: *** NONE ***
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
mysql> select;
ERROR 2006 (HY000): MySQL server has gone away
....
logs from syslog:
Jun 27 17:19:25 skool mysqld[28116]: mysqld got signal 11;
Jun 27 17:19:25 skool mysqld[28116]: This could be because you hit a bug. It is also possible that this binary
Jun 27 17:19:25 skool mysqld[28116]: or one of the libraries it was linked against is corrupt, improperly built,
Jun 27 17:19:25 skool mysqld[28116]: or misconfigured. This error can also be caused by malfunctioning hardware.
Jun 27 17:19:25 skool mysqld[28116]: We will try our best to scrape up some info that will hopefully help diagnose
Jun 27 17:19:25 skool mysqld[28116]: the problem, but since we have already crashed, something is definitely wrong
Jun 27 17:19:25 skool mysqld[28116]: and this may fail.
Jun 27 17:19:25 skool mysqld[28116]:
Jun 27 17:19:25 skool mysqld[28116]: key_buffer_size=16777216
Jun 27 17:19:25 skool mysqld[28116]: read_buffer_size=131072
Jun 27 17:19:25 skool mysqld[28116]: max_used_connections=11
Jun 27 17:19:25 skool mysqld[28116]: max_connections=100
Jun 27 17:19:25 skool mysqld[28116]: threads_connected=2
Jun 27 17:19:25 skool mysqld[28116]: It is possible that mysqld could use up to
Jun 27 17:19:25 skool mysqld[28116]: key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 233983 K
Jun 27 17:19:25 skool mysqld[28116]: bytes of memory
Jun 27 17:19:25 skool mysqld[28116]: Hope that's ok; if not, decrease some variables in the equation.
Jun 27 17:19:25 skool mysqld[28116]:
Jun 27 17:19:25 skool mysqld[28116]: thd=0x8bd1158
Jun 27 17:19:25 skool mysqld[28116]: Attempting backtrace. You can use the following information to find out
Jun 27 17:19:25 skool mysqld[28116]: where mysqld died. If you see no messages after this, something went
Jun 27 17:19:25 skool mysqld[28116]: terribly wrong...
Jun 27 17:19:25 skool mysqld[28116]: Cannot determine thread, fp=0xb147fc7c, backtrace may not be correct.
Jun 27 17:19:25 skool mysqld[28116]: Stack range sanity check OK, backtrace follows:
Jun 27 17:19:25 skool mysqld[28116]: 0x818935f
Jun 27 17:19:25 skool mysqld[28116]: 0xffffe420
Jun 27 17:19:25 skool mysqld[28116]: 0x38363032
Jun 27 17:19:25 skool mysqld[28116]: Stack trace seems successful - bottom reached
Jun 27 17:19:25 skool mysqld[28116]: Please read http://dev.mysql.com/doc/mysql/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
Jun 27 17:19:25 skool mysqld[28116]: stack trace is much more helpful in diagnosing the problem, so please do
Jun 27 17:19:25 skool mysqld[28116]: resolve it
Jun 27 17:19:25 skool mysqld[28116]: Trying to get some variables.
Jun 27 17:19:25 skool mysqld[28116]: Some pointers may be invalid and cause the dump to abort...
Jun 27 17:19:25 skool mysqld[28116]: thd->query at 0x8bd45f0 = select date_format('%Y-%m-%d %H:%i:%s', 1151414896)
Jun 27 17:19:25 skool mysqld[28116]: thd->thread_id=19
Jun 27 17:19:25 skool mysqld[28116]: The manual page at http://www.mysql.com/doc/en/Crashing.html contains
Jun 27 17:19:25 skool mysqld[28116]: information that should help you find out what is causing the crash.
Jun 27 17:19:25 skool mysqld_safe[1653]: Number of processes running now: 0
Jun 27 17:19:25 skool mysqld_safe[1655]: restarted
Jun 27 17:19:25 skool mysqld[1658]: 060627 17:19:25 InnoDB: Database was not shut down normally!
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: Starting crash recovery.
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: Reading tablespace information from the .ibd files...
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: Restoring possible half-written data pages from the doublewrite
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: buffer...
Jun 27 17:19:25 skool mysqld[1658]: 060627 17:19:25 InnoDB: Starting log scan based on checkpoint at
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: log sequence number 0 5847414.
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: Doing recovery: scanned up to log sequence number 0 5847414
Jun 27 17:19:25 skool mysqld[1658]: InnoDB: Last MySQL binlog file position 0 79, file name /var/log/mysql/mysql-bin.000204
Jun 27 17:19:25 skool mysqld[1658]: 060627 17:19:25 InnoDB: Flushing modified pages from the buffer pool...
Jun 27 17:19:26 skool mysqld[1658]: 060627 17:19:26 InnoDB: Started; log sequence number 0 5847414
Jun 27 17:19:26 skool mysqld[1658]: /usr/sbin/mysqld: ready for connections.
Jun 27 17:19:26 skool mysqld[1658]: Version: '4.1.11-Debian_4sarge4-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Source distribution
jean-david maillefer - developer/network manager
http://www.kesako.ch
_________________
[kesako] - IT & internet solutions
18, rue des terreaux
case postale 967
CH-1001 lausanne
T: +41-21 3517700
F: +41-21 3517701
plan a meeting http://agenda.kesako.ch/meet/jean-david
This message and the attached documents are confidential and covered by professional secrecy. They are intended for their addressees only. They should not be used for any purpose and their content should not be disclosed to anyone. In case you have received this message and the attached documents by mistake, please advise us and delete them immediately.
--- End Message ---
--- Begin Message ---
Source: mysql-dfsg-4.1
Source-Version: 4.1.11a-4sarge5
We believe that the bug you reported is fixed in the latest version of mysql-dfsg-4.1, which is due to be installed in the Debian FTP archive:
libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
libmysqlclient14_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb
mysql-client-4.1_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb
mysql-common-4.1_4.1.11a-4sarge5_all.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb
mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
  to pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
mysql-server-4.1_4.1.11a-4sarge5_i386.deb
  to pool/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb
A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hammers <[EMAIL PROTECTED]> (supplier of updated mysql-dfsg-4.1 package)
(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Fri, 16 Jun 2006 09:52:12 +0000
Source: mysql-dfsg-4.1
Binary: libmysqlclient14-dev mysql-common-4.1 libmysqlclient14 mysql-server-4.1 mysql-client-4.1
Architecture: source i386 all
Version: 4.1.11a-4sarge5
Distribution: stable-security
Urgency: low
Maintainer: Christian Hammers <[EMAIL PROTECTED]>
Changed-By: Christian Hammers <[EMAIL PROTECTED]>
Description:
 libmysqlclient14 - mysql database client library
 libmysqlclient14-dev - mysql database development files
 mysql-client-4.1 - mysql database client binaries
 mysql-common-4.1 - mysql database common files (e.g. /etc/mysql/my.cnf)
 mysql-server-4.1 - mysql database server binaries
Closes: 373913 375694
Changes:
 mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low
 .
 * Security upload prepared for the security team by the Debian MySQL package maintainers.
 * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko <[EMAIL PROTECTED]>.
   Closes: #373913
 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David <[EMAIL PROTECTED]> and filed as MySQL bug #20729.
   Closes: #375694
--- End Message ---
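The syslog excerpt in the report shows what an operator sees when this DoS is triggered: the crash handler logs the signal and the in-flight statement under the dying mysqld PID, then mysqld_safe restarts the server. The following is an added example, not part of the original messages or of any MySQL or Debian tooling, that parses such lines to recover the statement that was running at each crash; the function name `find_crashes` and the trimmed sample (constructed from lines quoted in the report) are assumptions for illustration.

```python
import re

# Constructed sample: a subset of the syslog lines quoted in the report above.
SAMPLE = """\
Jun 27 17:19:25 skool mysqld[28116]: mysqld got signal 11;
Jun 27 17:19:25 skool mysqld[28116]: thd=0x8bd1158
Jun 27 17:19:25 skool mysqld[28116]: thd->query at 0x8bd45f0 = select date_format('%Y-%m-%d %H:%i:%s', 1151414896)
Jun 27 17:19:25 skool mysqld[28116]: thd->thread_id=19
Jun 27 17:19:25 skool mysqld_safe[1655]: restarted
Jun 27 17:19:26 skool mysqld[1658]: /usr/sbin/mysqld: ready for connections.
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                  r"(?P<prog>mysqld(?:_safe)?)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SIGNAL = re.compile(r"mysqld got signal (\d+)")
QUERY = re.compile(r"thd->query at 0x[0-9a-fA-F]+ = (.*)")
THREAD = re.compile(r"thd->thread_id=(\d+)")


def find_crashes(text):
    """Return one dict per mysqld crash: time, host, pid, signal, last query, restart."""
    crashes, open_by_pid = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines or other daemons
        prog, pid, msg = m["prog"], int(m["pid"]), m["msg"]
        if prog == "mysqld_safe":
            # mysqld_safe logs under its own pid; attach to the latest crash on that host
            if msg.strip() == "restarted" and crashes and crashes[-1]["host"] == m["host"]:
                crashes[-1]["restarted"] = True
            continue
        if (s := SIGNAL.search(msg)):
            rec = {"ts": m["ts"], "host": m["host"], "pid": pid, "signal": int(s[1]),
                   "query": None, "thread_id": None, "restarted": False}
            crashes.append(rec)
            open_by_pid[pid] = rec
        elif pid in open_by_pid:  # later lines from the same dying process
            rec = open_by_pid[pid]
            if (q := QUERY.search(msg)):
                rec["query"] = q[1]
            elif (t := THREAD.search(msg)):
                rec["thread_id"] = int(t[1])
    return crashes


if __name__ == "__main__":
    for crash in find_crashes(SAMPLE):
        print(crash)
```

The same statement showing up as `query` across repeated crash records is the signal to correlate with the connecting account and to confirm the fixed package version is installed.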

