CVE-2009-0819

Publication date 5 March 2009

Last updated 24 July 2024

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-5.1	10.10 maverick	Not affected
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
mysql-dfsg-5.0	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored
	6.06 LTS dapper	Not affected
mysql-dfsg-5.1	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Ignored
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Notes

mdeslaur

debian says vulnerable code was introduced in 5.1.5 confirmed, code not present in 5.0.x

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mysql-dfsg-5.1	Upstream: http://lists.mysql.com/commits/65127

References

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0819