FreeBSD : mysql -- ALTER MERGE denial of service vulnerability (06a6b2cf-484b-11d9-813c-00065be4b5b6)
Low Nessus Plugin ID 18830
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionDean Ellis reported a denial of service vulnerability in the MySQL server :
Multiple threads ALTERing the same (or different) MERGE tables to change the UNION eventually crash the server or hang the individual threads.
Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack.
SolutionUpdate the affected packages.