CVE-2010-3679

Priority
Medium
Description
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a
denial of service (mysqld daemon crash) via certain arguments to the BINLOG
command, which triggers an access of uninitialized memory, as demonstrated
by valgrind.
References
Bugs
Notes
jdstrand> mysql-cluster-7.0 not supported per server team
mdeslaur> code doesn't seem present in 5.0.x
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):ignored
Ubuntu 11.04 (Natty Narwhal):ignored
Ubuntu 11.10 (Oneiric Ocelot):ignored
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:released (5.1.49)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (5.1.41-3ubuntu12.7)
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Patches:
Upstream:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3436
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:released (5.1.49)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):not-affected (5.1.49-1ubuntu8)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (5.1.49-1ubuntu8)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (5.1.49-1ubuntu8)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:26 UTC (commit 5347)