End of Product Lifecycle. Active development for MySQL Database Server version 5.0 has ended. Oracle offers various support offerings which may be of interest. For details and more information, see the MySQL section of the Lifetime Support Policy for Oracle Technology Products (http://www.oracle.com/us/support/lifetime-support/index.html). Please consider upgrading to a recent version.
This section documents all changes and bugfixes that have been applied since the last MySQL Enterprise Server and MySQL Community Server release (5.0.90). If you would like to receive more fine-grained and personalized update alerts about fixes that are relevant to the version and features you use, please consider subscribing to MySQL Enterprise (a commercial MySQL offering). For more details please see http://www.mysql.com/products/enterprise/advisors.html.
This is the final release of MySQL 5.0 for which Generic Linux MySQL binary packages built with the icc compiler on x86 and x86_64 will be offered. These were previously produced as an alternative to our main packages built using gcc, as they provided noticeable performance benefits. In recent times the performance differences have diminished and build and runtime problems have surfaced, thus it is no longer viable to continue producing them.
We continue to use the icc compiler to produce our distribution-specific RPM packages on ia64.
The server failed to check the table name argument of a
COM_FIELD_LIST command packet for validity
and compliance to acceptable table name standards. This could be
exploited to bypass almost all forms of checks for privileges
and table-level grants by providing a specially crafted table
name argument to
In MySQL 5.0 and above, this permitted an authenticated user
SELECT privileges on one
table to obtain the field definitions of any table in all other
databases and potentially of other MySQL instances accessible
from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated
SELECT privileges on one table
could delete or read content from any other table in all
databases on this server, and potentially of other MySQL
instances accessible from the server's file system.
(Bug #53371, CVE-2010-1848)
The server was susceptible to a buffer-overflow attack due to a
failure to perform bounds checking on the table name argument of
COM_FIELD_LIST command packet. By sending
long data for the table name, a buffer is overflown, which could
be exploited by an authenticated user to inject malicious code.
(Bug #53237, CVE-2010-1850)
Security Fix: The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. (Bug #50974, CVE-2010-1849)
The optimizer could attempt to evaluate the
WHERE clause before any rows had been read,
resulting in a server crash.
cause a crash for some pathnames.
HANDLER statements with
tables that had spatial indexes caused a server crash.
With an XA transaction active,
SET autocommit =
1 could cause side effects such as memory corruption
or a server crash.
The SSL certificates in the test suite were about to expire. They have been updated with expiration dates in the year 2015. (Bug #50642)
For debug builds, an assertion was incorrectly raised in the
optimizer when matching
ORDER BY expressions.
filesort sorting method applied to a
CHAR(0) column could lead to a
EXPLAIN EXTENDED crashed trying
to print column names for a subquery in the
FROM clause when the table had gone out of
mysql-test-run.pl now recognizes the
MTR_START_TIMEOUT environment variables. If
they are set, their values are used to set the
--start-timeout options, respectively.
INTERVAL expressions could cause a
crash on 64-bit systems.
The server crashed when it could not determine the best
execution plan for queries involving outer joins with
ON clauses such as the ones
RAND() function, a
user-defined function, or a
If an outer query was invalid, a subquery might not be set up.
EXPLAIN EXTENDED did not expect
this and caused a crash by trying to dereference improperly set