Are the MySQL packages shipped with Red Hat Enterprise Linux vulnerable to the security issues mentioned in the MySQL 5.1 Reference Manual, Section D.1.2, "Changes in MySQL 5.1.51 (10 September 2010)"? That section of the manual mentions several security vulnerabilities, including the following:
- Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash.
- Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping.
- Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted.
- Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash.
- Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash.
- Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table.
- Security Fix: Queries with nested joins could cause an infinite loop in the server when used from stored procedures and prepared statements.
- Security Fix: The PolyFromWKB() function could crash the server when improper WKB data was passed to the function.
- Red Hat Enterprise Linux 3, 4, 5, and 6