This is a Service Pack release of the MySQL Enterprise Server 5.0.
This section documents all changes and bugfixes that have been applied since the last MySQL Enterprise Server release (5.0.66a).
If you would like to receive more fine-grained and personalized update alerts about fixes that are relevant to the version and features you use, please consider subscribing to MySQL Enterprise (a commercial MySQL offering). For more details please see http://www.mysql.com/products/enterprise/advisors.html.
Functionality Added or Changed
To enable stricter control over the location from which user-defined functions can be loaded, the plugin_dir system variable has been backported from MySQL 5.1. If the value is nonempty, user-defined function object files can be loaded only from the directory named by this variable. If the value is empty, the behavior that is used prior to the inclusion of plugin_dir applies: The UDF object files must be located in a directory that is searched by your system's dynamic linker.
If the plugin directory is writable by the server, it may be possible for a user to write executable code to a file in the directory using SELECT ... INTO DUMPFILE. This can be prevented by making plugin_dir read only to the server or by setting --secure-file-priv to a directory where SELECT writes can be made safely.
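A way to check the plugin_dir and --secure-file-priv pairing described above on a Unix host. This is an added example, not code from MySQL; the function names, the uid/gid arguments and the temporary directory layout in demo() are assumptions made for illustration, and the two setting values are passed in by hand rather than read from a running server.

```python
import os
import stat
import tempfile

def inside(child, parent):
    """True if child is parent or lies beneath it once symlinks are resolved."""
    child, parent = os.path.realpath(child), os.path.realpath(parent)
    return os.path.commonpath([child, parent]) == parent

def audit(plugin_dir, secure_file_priv, server_uid, server_gids=()):
    """Return findings for one server's plugin_dir / secure-file-priv values."""
    if not plugin_dir:
        return ["plugin_dir empty: UDFs load from any dynamic-linker directory"]
    findings = []
    st = os.stat(plugin_dir)
    # POSIX picks exactly one permission class: owner, else group, else other.
    if st.st_uid == server_uid:
        findings.append("plugin_dir owned by server account (it can chmod it)")
        bit = stat.S_IWUSR
    elif st.st_gid in server_gids:
        bit = stat.S_IWGRP
    else:
        bit = stat.S_IWOTH
    if st.st_mode & bit:
        findings.append("plugin_dir writable by server account")
    if not secure_file_priv:
        findings.append("secure-file-priv unset: INTO DUMPFILE target not confined")
    elif inside(plugin_dir, secure_file_priv):
        findings.append("plugin_dir lies inside the secure-file-priv directory")
    return findings

def demo():
    """Constructed layout: a weak setup and a hardened one, in a temp tree."""
    root = tempfile.mkdtemp()
    plugins = os.path.join(root, "plugin")
    exports = os.path.join(root, "exports")
    os.mkdir(plugins)
    os.mkdir(exports)
    os.chmod(plugins, 0o755)
    # "other" stands in for a separate, hypothetical server uid
    me, other = os.getuid(), os.getuid() + 1
    weak = audit(plugins, None, server_uid=me)
    hardened = audit(plugins, exports, server_uid=other)
    return weak, hardened

if __name__ == "__main__":
    for label, result in zip(("weak", "hardened"), demo()):
        print(label, result or "no findings")
```

The containment test resolves symlinks first, so a --secure-file-priv path that is only a link to the plugin directory is still reported.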
Security Fix; Important Change: It was possible to circumvent privileges through the creation of MyISAM tables employing the DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory. Use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY path name is no longer permitted.
Additional corrections were made to handle the data directory path name if it contains symlinked directories in its path, and to make the check both at table-creation time and at table-opening time later. (Bug #32167, CVE-2008-2079)
References: See also Bug #39277.
The server consumed excess memory while parsing statements with hundreds or thousands of nested boolean conditions (such as OR (OR ... (OR ... ))). This could lead to a server crash or incorrect statement execution, or cause other client statements to fail due to lack of memory. The latter result constitutes a denial of service.