CVE-2009-4019

Published: 30 November 2009

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-4.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://lists.mysql.com/commits/88069 (for 1st bug)
Upstream: http://lists.mysql.com/commits/88742 (for 2nd bug)
mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://lists.mysql.com/commits/87482 (patch is incomplete, use 5.0 patch)
upstream: no commit for 2nd bug, check with 5.0