MySQL update addresses DoS vulnerability
Oracle has released version 5.1.51 of MySQL, a security update that addresses a Denial of Service (DoS) vulnerability in the open source database. According to security specialist Secunia, an error in the processing of arguments passed to the LEAST() or GREATEST() functions could be exploited by a malicious user to cause a server crash, leading to a DoS condition. All versions up to and including 5.1.50 are reportedly affected.
Other issues include a privilege escalation bug in versions prior to 5.1.50 that could be exploited to execute arbitrary SQL statements with superuser privileges. All users are encouraged to upgrade to the latest release.
More details about the update, including a full list of changes, can be found in the change log. MySQL 5.1.51 is available to download from the project's site and is licensed under the GPL.
See also:
- MySQL Multiple Vulnerabilities, the security advisory from Secunia.
- First release candidate of MySQL 5.5 with InnoDB as a default, a report from The H.
(crve)