In association with heise online

13 December 2007, 16:45

Updates for MySQL remedy vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the widely used MySQL open source database have released new versions and announced others to remedy three vulnerabilities. Under certain circumstances, attackers can reportedly manipulate information in a system table by replacing symbolic links when a table is renamed. The security advisory at does not provide any further details.

In addition, a server can be crashed when it is handling federated tables, which are stored on another database server; MySQL queries them remotely. If the remote server then responds with fewer columns than expected, the local server crashes.

Furthermore, in some cases a flaw in the command ALTER VIEW may allow a user to inherit a previous user's right to that view. The flaws affect all versions of MySQL. They have, however, been remedied in the currently available versions MySQL Enterprise 5.0.52 [MRU] and MySQL Community Server 5.0.51. The flaws have also reportedly been remedied in MySQL 5.1.23 and MySQL 6.0.4, though the latter is not yet officially available for downloading.

In addition to security fixes, a number of improvements have been made to the database. Finally, numerous minor flaws that did not affect security have also been remedied.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit