Upstream information

CVE-2008-3963 at MITRE

Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4
Vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 424795 [RESOLVED / FIXED], 497546 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise SDK 10 SP2
  • mysql >= 5.0.26-12.22
  • mysql-Max >= 5.0.26-12.22
  • mysql-bench >= 5.0.26-12.22
  • mysql-client >= 5.0.26-12.22
  • mysql-devel >= 5.0.26-12.22
  • mysql-shared >= 5.0.26-12.22
sled10.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86
sles10.x86
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.x86
sle10-sp1-sdk.ia64
sles10-sp2.x86
sles10-sp2.s390x
sles10-sp2-debuginfo.ppc
sles10-sp2-debuginfo.s390x
sle10-sp2-sdk.s390x
sles10-sp2.x86-64
sles10.s390x
sles10.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sle10-sp2-sdk.ppc
sled10.x86
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ia64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
sles10-sp2-debuginfo.x86-64
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles10.ppc
sle10-sp1-sdk.x86
ZYPP Patch Nr: 5618
SUSE Linux Enterprise SDK 10 SP2
  • mysql >= 5.0.26-12.22
  • mysql-Max >= 5.0.26-12.22
  • mysql-bench >= 5.0.26-12.22
  • mysql-client >= 5.0.26-12.22
  • mysql-devel >= 5.0.26-12.22
  • mysql-shared >= 5.0.26-12.22
  • mysql-shared-x86 >= 5.0.26-12.22
sled10.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86
sles10.x86
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.x86
sle10-sp1-sdk.ia64
sles10-sp2.x86
sles10-sp2.s390x
sles10-sp2-debuginfo.ppc
sles10-sp2-debuginfo.s390x
sle10-sp2-sdk.s390x
sles10-sp2.x86-64
sles10.s390x
sles10.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sle10-sp2-sdk.ppc
sled10.x86
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ia64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
sles10-sp2-debuginfo.x86-64
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles10.ppc
sle10-sp1-sdk.x86
ZYPP Patch Nr: 5618
SUSE Linux Enterprise SDK 10 SP2
  • mysql >= 5.0.26-12.22
  • mysql-Max >= 5.0.26-12.22
  • mysql-bench >= 5.0.26-12.22
  • mysql-client >= 5.0.26-12.22
  • mysql-devel >= 5.0.26-12.22
  • mysql-shared >= 5.0.26-12.22
  • mysql-shared-64bit >= 5.0.26-12.22
sled10.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86
sles10.x86
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.x86
sle10-sp1-sdk.ia64
sles10-sp2.x86
sles10-sp2.s390x
sles10-sp2-debuginfo.ppc
sles10-sp2-debuginfo.s390x
sle10-sp2-sdk.s390x
sles10-sp2.x86-64
sles10.s390x
sles10.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sle10-sp2-sdk.ppc
sled10.x86
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ia64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
sles10-sp2-debuginfo.x86-64
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles10.ppc
sle10-sp1-sdk.x86
ZYPP Patch Nr: 5618
SUSE Linux Enterprise SDK 10 SP2
  • mysql >= 5.0.26-12.22
  • mysql-Max >= 5.0.26-12.22
  • mysql-bench >= 5.0.26-12.22
  • mysql-client >= 5.0.26-12.22
  • mysql-devel >= 5.0.26-12.22
  • mysql-shared >= 5.0.26-12.22
  • mysql-shared-32bit >= 5.0.26-12.22
sled10.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86
sles10.x86
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.x86
sle10-sp1-sdk.ia64
sles10-sp2.x86
sles10-sp2.s390x
sles10-sp2-debuginfo.ppc
sles10-sp2-debuginfo.s390x
sle10-sp2-sdk.s390x
sles10-sp2.x86-64
sles10.s390x
sles10.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sle10-sp2-sdk.ppc
sled10.x86
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ia64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
sles10-sp2-debuginfo.x86-64
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles10.ppc
sle10-sp1-sdk.x86
ZYPP Patch Nr: 5618
openSUSE 11.0
  • mysql-debuginfo >= 5.0.51a-27.2
  • mysql-debugsource >= 5.0.51a-27.2
openSUSE 11.0
  • libmysqlclient-devel >= 5.0.51a-27.2
  • libmysqlclient15 >= 5.0.51a-27.2
  • libmysqlclient15-32bit >= 5.0.51a-27.2
  • libmysqlclient15-64bit >= 5.0.51a-27.2
  • libmysqlclient_r15 >= 5.0.51a-27.2
  • libmysqlclient_r15-32bit >= 5.0.51a-27.2
  • libmysqlclient_r15-64bit >= 5.0.51a-27.2
  • mysql >= 5.0.51a-27.2
  • mysql-Max >= 5.0.51a-27.2
  • mysql-bench >= 5.0.51a-27.2
  • mysql-client >= 5.0.51a-27.2
  • mysql-debug >= 5.0.51a-27.2
  • mysql-tools >= 5.0.51a-27.2