[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
We had no further report, so we should (while cleaning up bugs) assume it indeed got fixed. Since thereby >=Bionic is good and < Bionic has entered extended support I think this is done. ** Changed in: mysql-5.7 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
If it's indeed fixed in 5.7.19, then bionic and later are fixed. Can someone verify? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
The bug is fixed in MySQL 5.7.19 - see https://forums.mysql.com/read.php?3,658909,658909 Link to mysql-bug: https://bugs.mysql.com/bug.php?id=84708 The Oracle-Bug-ID is 25476479 In Ubuntu-changelog are only Security-Errors marked: https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.19-0ubuntu1 Is this bug-fix also included? best regards -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
Affected version: # dpkg-query -W mysql-server-5.7 mysql-server-5.75.7.17-0ubuntu0.16.04.2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
The bug #84708 on mysql is fixed. Please have a look to fix this possible fast because all servers with recommended "ALL: PARANOID" in hosts.deny can be brought to their knees by a single connection from a misconfigurated ip-address (aka botnet). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
Thank you for the update Daniel. There's a further comment now from the same person in the upstream bug tracker: "Turns out that this is a real bug that needs fixing in the code" So I'll mark this Triaged, but I don't expect that Ubuntu will be able to do anything about this until there is a fix released upstream. ** Also affects: mysql-server via http://bugs.mysql.com/bug.php?id=84708 Importance: Unknown Status: Unknown ** Changed in: mysql-5.7 (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
upstream bug: https://bugs.mysql.com/bug.php?id=84708 "Usage of tcp wrappers is totally non-researched and not documented. Hence, our manual should contain recommendations on the usage of these daemons." ** Bug watch added: MySQL Bug System #84708 http://bugs.mysql.com/bug.php?id=84708 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
Robie, I did not keep the virtual machine. On a host where the problem occured first we have mysql-server-5.75.7.17-0ubuntu0.16.04.1 I just repeated the steps described above in a fresh lxc machine and again got mysql-server-5.75.7.17-0ubuntu0.16.04.1 regards -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
** Changed in: mysql-5.7 (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
Hadmut, could you report the package version number of mysql-5.7 in which you are seeing this please? The command "dpkg-query -W mysql- server-5.7" will output this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
** Tags added: needs-upstream-report -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1663552] Re: Denial of Service: mysql-server going berserk when contacted by unauthorized client
Thanks for the bug Hadmut; I'm marking this public so that administrators can more quickly learn that using tcpwrappers for access control has the potential for trouble with mysqld, and can switch to iptables or other firewalling as appropriate. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1663552 Title: Denial of Service: mysql-server going berserk when contacted by unauthorized client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1663552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
