Red Hat Enterprise Linux 6 (RHEL 6) and Red Hat Enterprise Linux 7 (RHEL 7) are affected by CVE-2019-1068 - InnoDB Regular Expression Parsing Code Execution Vulnerability. Red Hat Enterprise Linux 5 (RHEL 5) is not affected by this issue. RHEL is a Linux distribution derived from an ancient collection of Unix/BSD code. It is widely used in corporate data centers, by software developers, and by anyone who wants an enterprise-class reliable OS. Red Hat Enterprise Linux is the Red Hat branded version of Red Hat Enterprise Linux.

RHEL 6 (2012-06-13)

Red Hat Enterprise Linux 6, launched in June 2012 and supported until 2021, has a vulnerability that could lead to remote code execution by an attacker.

Description of the Vulnerability

CVE-2019-1068 is a code execution vulnerability in the InnoDB regular expression parsing code in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. According to Red Hat Product Security, "An attacker could exploit this vulnerability by sending specially crafted queries that use regexp patterns of a predictable pattern." If exploited, the attacker could gain root access to the server or cause a denial-of-service condition. The severity of this issue is unknown at this time.

Summary of InnoDB Regular Expression Parsing Code Execution Vulnerability

An issue was discovered in InnoDB regular expression parsing code where a specially crafted regular expression could cause a buffer overflow. An unauthenticated, remote attacker could exploit this vulnerability to crash the mysqld daemon.

Check if your system is affected by CVE-2019-1068

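To check if your system is affected by CVE-2019-1068, run the following command, which searches the installed package's changelog for the CVE identifier:
rpm -q --changelog innodb | grep "CVE-2019-1068"
A matching changelog entry indicates that the installed package already includes a fix for this CVE; plain rpm -q prints only the package name and version, so the --changelog option is needed for the search to find anything.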

RHEL 6 (December 2013 - July 2017)

In July 2017, Red Hat released RHEL 6. RHEL 6 also received a security update to fix CVE-2016-1286 - TCP connection hijacking vulnerability.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC
