libmysqlclient21 crashes if certain collation definitions are found in MySQL's sharedir
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mysql-8.0 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Note: This was originally reported as https:/
[Impact]
libmysqlclient21 does not by default include any charset files in Ubuntu, but it will use charset files found in /usr/share/mysql/
If the usr/share/
The segmentation fault does not happen with 8.0.19, so this is a regression from earlier versions.
[Test Case]
* Install libmysqlclient21, libmysqlclient-dev and mysql-server
* Connect to the database with "sudo mysql" and run the attached init.sql (just creates a test user with access to a test database)
* Compile attached mysql_test.c (file has full gcc command needed)
* Run the mysql_test program. It will output a few lines (contents of test table)
* Now replace /usr/share/
* Run the mysql_test program. It will produce a segmentation fault
[Regression Potential]
The patch itself only blocks out a single function call on a pointer if that pointer is null, but it doesn't fix the underlying issue of the charset parser picking up unexpected definition files (but this problem is present in versions prior to 8.0.20 as well)
CVE References
- 2020-14539
- 2020-14540
- 2020-14547
- 2020-14550
- 2020-14553
- 2020-14559
- 2020-14568
- 2020-14575
- 2020-14576
- 2020-14586
- 2020-14591
- 2020-14597
- 2020-14619
- 2020-14620
- 2020-14623
- 2020-14624
- 2020-14631
- 2020-14632
- 2020-14633
- 2020-14634
- 2020-14641
- 2020-14643
- 2020-14651
- 2020-14654
- 2020-14656
- 2020-14663
- 2020-14678
- 2020-14680
- 2020-14697
- 2020-14702
This bug was fixed in the package mysql-8.0 - 8.0.21-0ubuntu0.20.04.3
---------------
mysql-8.0 (8.0.21-0ubuntu0.20.04.3) focal-security; urgency=medium
  * SECURITY UPDATE: Update to 8.0.21 to fix security issues
    - CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550,
      CVE-2020-14553, CVE-2020-14559, CVE-2020-14568, CVE-2020-14575,
      CVE-2020-14576, CVE-2020-14586, CVE-2020-14591, CVE-2020-14597,
      CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624,
      CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634,
      CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654,
      CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680,
      CVE-2020-14697, CVE-2020-14702
  * debian/rules: disable some tests that have expired certificates until
    new ones can be obtained from the upstream repo.
  * debian/tests/upstream: disable some tests that have expired
    certificates until new ones can be obtained from the upstream repo.
  * debian/tests/upstream: disable new test that can't locate
    mysqltest_safe_process binary.
  * debian/mysql-router.install, debian/mysql-server-core-8.0.install,
    debian/mysql-testsuite-8.0.install: use wildcard for libprotobuf-lite
    library version.
  * debian/mysql-router.install: added router_protobuf.so.
  * debian/mysql-testsuite-8.0.install: added
    component_test_component_deinit.so.
  * debian/patches/charset_file_crash.patch: don't crash on malformed
    charset files in mysys/charset.cc (LP: #1884809)
  * Fix FTBFS on RISC-V.
    - d/p/use-largest-lock-free-type-selector-on-riscv.patch: Force
      the use of Largest_lock_free_type_selector instead of
      Lock_free_type_selector when compiling for RISC-V, since the
      latter will cause a compilation failure due to RISC-V's
      inability to provide the always-lock-free property for some
      specific types.
-- Marc Deslauriers <email address hidden> Mon, 27 Jul 2020 11:58:55 -0400