Package: mysql-server-5.0 Version: 5.0.32-7etch1 Severity: grave Tags: security Justification: user security hole
It's the thir time the server dies, it happened twice with previous version in Etch and it just happened again with the current one, which I thought solved the problem. The server dies with the SELECT query shown below. The three times occured right after a WHERE MATCH () AGAINST ('"word"' IN BOOLEAN MODE) where " were used and the word's first character was an utf-8 accented char. I tried repeating the bug in another server, but it only happens randomly in a very busy web server (http://meneame.net). ar 22 21:44:31 web4 mysqld[4459]: thd=0x2aaaabe008d0 Mar 22 21:44:31 web4 mysqld[4459]: Attempting backtrace. You can use the following information to find out Mar 22 21:44:31 web4 mysqld[4459]: where mysqld died. If you see no messages after this, something went Mar 22 21:44:31 web4 mysqld[4459]: terribly wrong... Mar 22 21:44:31 web4 mysqld[4459]: Cannot determine thread, fp=0x404e5190, backtrace may not be correct. Mar 22 21:44:31 web4 mysqld[4459]: Stack range sanity check OK, backtrace follows: Mar 22 21:44:31 web4 mysqld[4459]: (nil) Mar 22 21:44:31 web4 mysqld[4459]: Stack trace seems successful - bottom reached Mar 22 21:44:31 web4 mysqld[4459]: Please read http://dev.mysql.com/doc/mysql/en/using-stack-trace.html and follow instructions on how to resolve the stack trace. Resolved Mar 22 21:44:31 web4 mysqld[4459]: stack trace is much more helpful in diagnosing the problem, so please do Mar 22 21:44:31 web4 mysqld[4459]: resolve it Mar 22 21:44:31 web4 mysqld[4459]: Trying to get some variables. Mar 22 21:44:31 web4 mysqld[4459]: Some pointers may be invalid and cause the dump to abort... Mar 22 21:44:31 web4 mysqld[4459]: thd->query at 0xeda6f0 = SELECT count(*) FROM links WHERE MATCH (link_url, link_url_title, link_title, link_content, link_tags) AGAINST ('"Écija"' IN BOOLEAN MODE) AND (link_status != 'discard' OR (link_status = 'discard' AND link_date > date_sub(now(), interval 7 day) AND link_votes > 0)) Mar 22 21:44:31 web4 mysqld[4459]: thd->thread_id=206439 -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-amd64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages mysql-server-5.0 depends on: ii adduser 3.102 Add and remove users and groups ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libdbi-perl 1.53-1 Perl5 database interface by Tim Bu ii libgcc1 1:4.1.1-21 GCC support library ii libmysqlclient15off 5.0.32-7etch1 mysql database client library ii libncurses5 5.5-5 Shared libraries for terminal hand ii libreadline5 5.2-2 GNU readline and history libraries ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3 ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii mysql-client-5.0 5.0.32-7etch1 mysql database client binaries ii mysql-common 5.0.32-7etch1 mysql database common files (e.g. ii passwd 1:4.0.18.1-7 change and administer password and ii perl 5.8.8-7 Larry Wall's Practical Extraction ii psmisc 22.3-1 Utilities that use the proc filesy ii zlib1g 1:1.2.3-13 compression library - runtime Versions of packages mysql-server-5.0 recommends: ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent -- debconf information: mysql-server-5.0/really_downgrade: false mysql-server-5.0/need_sarge_compat: false mysql-server-5.0/start_on_boot: true mysql-server/error_setting_password: mysql-server-5.0/nis_warning: mysql-server-5.0/postrm_remove_databases: false mysql-server-5.0/need_sarge_compat_done: true