CVE-2013-1861

Publication date 28 March 2013

Last updated 24 July 2024

Ubuntu priority

Description

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-5.5	13.04 raring	Fixed 5.5.32-0ubuntu0.13.04.1
	12.10 quantal	Fixed 5.5.32-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 5.5.32-0ubuntu0.12.04.1
	11.10 oneiric	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
mysql-dfsg-5.1	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	10.04 LTS lucid	Fixed 5.1.70-0ubuntu0.10.04.1
	8.04 LTS hardy	Not in release

Notes

mdeslaur

Fixed in 5.1.70, 5.5.32, 5.6.12

seth-arnold

Not actually fixed in 1807-1 -- my mistake

References

Related Ubuntu Security Notices (USN)

USN-1909-1
MySQL vulnerabilities
25 July 2013