Package: mysql-server-5.0
Version: 5.0.32-7etch1
Severity: grave
Tags: security
Justification: user security hole
It's the thir time the server dies, it happened twice with previous
version in Etch and it just happened again with the current one, which I
thought solved the problem.
The server dies with the SELECT query shown below. The three times
occured right after a WHERE MATCH () AGAINST ('"word"' IN BOOLEAN MODE)
where " were used and the word's first character was an utf-8 accented
char.
I tried repeating the bug in another server, but it only happens
randomly in a very busy web server (http://meneame.net).
ar 22 21:44:31 web4 mysqld[4459]: thd=0x2aaaabe008d0
Mar 22 21:44:31 web4 mysqld[4459]: Attempting backtrace. You can use the
following information to find out
Mar 22 21:44:31 web4 mysqld[4459]: where mysqld died. If you see no
messages after this, something went
Mar 22 21:44:31 web4 mysqld[4459]: terribly wrong...
Mar 22 21:44:31 web4 mysqld[4459]: Cannot determine thread,
fp=0x404e5190, backtrace may not be correct.
Mar 22 21:44:31 web4 mysqld[4459]: Stack range sanity check OK,
backtrace follows:
Mar 22 21:44:31 web4 mysqld[4459]: (nil)
Mar 22 21:44:31 web4 mysqld[4459]: Stack trace seems successful - bottom
reached
Mar 22 21:44:31 web4 mysqld[4459]: Please read
http://dev.mysql.com/doc/mysql/en/using-stack-trace.html and follow
instructions on how to resolve the stack trace. Resolved
Mar 22 21:44:31 web4 mysqld[4459]: stack trace is much more helpful in
diagnosing the problem, so please do
Mar 22 21:44:31 web4 mysqld[4459]: resolve it
Mar 22 21:44:31 web4 mysqld[4459]: Trying to get some variables.
Mar 22 21:44:31 web4 mysqld[4459]: Some pointers may be invalid and
cause the dump to abort...
Mar 22 21:44:31 web4 mysqld[4459]: thd->query at 0xeda6f0 = SELECT
count(*) FROM links WHERE MATCH (link_url, link_url_title, link_title,
link_content, link_tags) AGAINST ('"Écija"' IN BOOLEAN MODE) AND
(link_status != 'discard' OR (link_status = 'discard' AND link_date >
date_sub(now(), interval 7 day) AND link_votes > 0))
Mar 22 21:44:31 web4 mysqld[4459]: thd->thread_id=206439
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages mysql-server-5.0 depends on:
ii adduser 3.102 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libdbi-perl 1.53-1 Perl5 database interface by Tim Bu
ii libgcc1 1:4.1.1-21 GCC support library
ii libmysqlclient15off 5.0.32-7etch1 mysql database client library
ii libncurses5 5.5-5 Shared libraries for terminal hand
ii libreadline5 5.2-2 GNU readline and history libraries
ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3
ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mysql-client-5.0 5.0.32-7etch1 mysql database client binaries
ii mysql-common 5.0.32-7etch1 mysql database common files (e.g.
ii passwd 1:4.0.18.1-7 change and administer password and
ii perl 5.8.8-7 Larry Wall's Practical Extraction
ii psmisc 22.3-1 Utilities that use the proc filesy
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages mysql-server-5.0 recommends:
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
-- debconf information:
mysql-server-5.0/really_downgrade: false
mysql-server-5.0/need_sarge_compat: false
mysql-server-5.0/start_on_boot: true
mysql-server/error_setting_password:
mysql-server-5.0/nis_warning:
mysql-server-5.0/postrm_remove_databases: false
mysql-server-5.0/need_sarge_compat_done: true
