CVE-2007-5925

Publication date 10 November 2007

Last updated 24 July 2024

Ubuntu priority

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-dfsg-5.0	7.10 gutsy	Fixed 5.0.45-1ubuntu3.1
	7.04 feisty	Fixed 5.0.38-0ubuntu1.2
	6.10 edgy	Fixed 5.0.24a-9ubuntu2.2
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.6

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

unrelated LP bug #161127 should be fixed with this update

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-559-1
MySQL vulnerabilities
21 December 2007

USN-1397-1
MySQL vulnerabilities
12 March 2012

Other references

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:243
https://rhn.redhat.com/errata/RHSA-2007-1155.html
https://www.cve.org/CVERecord?id=CVE-2007-5925