Are the mysql packages shipped with Red Hat Enterprise Linux vulnerable to the security issues mentioned in the MySQL 5.1 Reference Manual, Section D.1.5: Changes in MySQL 5.1.49 (09 July 2010)? That section of the manual mentions several security vulnerabilities, including the following:
- InnoDB Storage Engine: Security Fix: After changing the values of the innodb_file_format or innodb_file_per_table configuration parameters, DDL statements could cause a server crash.
- Security Fix: Joins involving a table with a unique SET column could cause a server crash.
- Security Fix: Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE).
- Security Fix: A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash.
- Security Fix: Use of TEMPORARY InnoDB tables with nullable columns could cause a server crash.
- Security Fix: The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface.
- Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash.
- Security Fix: LOAD DATA INFILE did not check for SQL errors and sent an OK packet even when errors were already reported. Also, an assert related to client/server protocol checking in debug servers sometimes was raised when it should not have been.

Environment:
- Red Hat Enterprise Linux 3, 4, 5, and 6