Are the MySQL packages shipped with Red Hat Enterprise Linux vulnerable to the security issues resolved in MySQL 5.1.49?

Solution Verified - Updated -


Are the mysql packages shipped with Red Hat Enterprise Linux vulnerable to the security issues mentioned in the MySQL 5.1 Reference Manual, Section D.1.5.: Changes in MySQL 5.1.49 (09 July 2010)?   That section of the manual mentions several security vulnerabilities, including the following:

  1. InnoDB Storage Engine: Security Fix: After changing the values of the innodb_file_format or innodb_file_per_table configuration parameters, DDL statements could cause a server crash.
  2. Security Fix: Joins involving a table with a unique SET column could cause a server crash.
  3. Security Fix: Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE).
  4. Security Fix: A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash.
  5. Security Fix: Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash.
  6. Security Fix: The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface.
  7. Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash.
  8. Security Fix: LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client/server protocol checking in debug servers sometimes was raised when it should not have been.


  • Red Hat Enterprise Linux 3, 4, 5, and 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content