This is a Service Pack release of the MySQL Enterprise Server 5.1.
If you intend to use the plugin version of InnoDB, we recommend that you use MySQL 5.1.48 or later instead of 5.1.46sp1. This is because 5.1.46sp1 contains the first production-ready version and the later version has fixes for some of the bugs found during more widespread production use.
Security Fix: The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. (Bug #50974, CVE-2010-1849)
The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance with acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST. In MySQL 5.0 and above, this permitted an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. Additionally, for MySQL version 5.1 and above, an authenticated user with SELECT privileges on one table could delete or read content from any other table in all databases on this server, and potentially of other MySQL instances accessible from the server's file system. (Bug #53371, CVE-2010-1848)
The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. Sending long data for the table name overflows a buffer, which could be exploited by an authenticated user to inject malicious code. (Bug #53237, CVE-2010-1850)
InnoDB attempted to choose off-page storage without ensuring that there was an “off-page storage” flag in the record header. To correct this, in InnoDB stores locally any BLOB columns having a maximum length not exceeding 256 bytes. This is because there is no room for the “external storage” flag when the maximum length is 255 bytes or less. This restriction trivially holds in formats, because there always stores locally columns having a length up to local_len = 788 bytes.
InnoDB page splitting could enter an infinite loop for compressed tables.
A syntactically invalid trigger could cause the server to crash when trying to list triggers. (Bug #50755)
EXPLAIN could cause a server crash for some queries with subqueries.
MySQL incorrectly processed special` UPGRADE DATA .., or a sequence starting with ../. It used the server data directory (which contains other regular databases) as the database directory. (Bug #53804, CVE-2010-2008)
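The two COM_FIELD_LIST fixes above (Bug #53371 and Bug #53237) both depend on validating the table name argument before it is used. The following C code is an added example, not MySQL source: it bounds-checks and validates a NUL-terminated table name taken from a command payload before copying it. The 64-byte limit, the rejected character set, the payload layout and all function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TABLE_NAME 64 /* assumed limit for this example */
enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_BAD_NAME };

/* Assumed rule set: reject empty names, control bytes, path separators and
 * '.', so the name can never be read as a path or a qualified identifier. */
static int name_is_valid(const unsigned char *name, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (name[i] < 0x20 || name[i] == '/' || name[i] == '\\' || name[i] == '.')
            return 0;
    return len > 0;
}

/* payload: bytes after the command byte, assumed to be laid out as
 * <table name> NUL <optional field wildcard>. out gets the validated name. */
enum parse_status parse_field_list(const unsigned char *payload, size_t payload_len,
                                   char out[MAX_TABLE_NAME + 1])
{
    /* Look for the terminator only inside the bytes actually received. */
    const unsigned char *nul = memchr(payload, 0, payload_len);
    if (nul == NULL)
        return PARSE_TRUNCATED;
    size_t len = (size_t)(nul - payload);
    if (len > MAX_TABLE_NAME) /* bounds check happens before any copy */
        return PARSE_TOO_LONG;
    if (!name_is_valid(payload, len))
        return PARSE_BAD_NAME;
    memcpy(out, payload, len);
    out[len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    const unsigned char sample[] = "orders\0%"; /* constructed payload */
    char name[MAX_TABLE_NAME + 1];
    enum parse_status st = parse_field_list(sample, sizeof sample - 1, name);
    printf("status=%d name=%s\n", (int)st, st == PARSE_OK ? name : "(rejected)");
    return 0;
}
```

The length and validity checks both run before the copy, so a rejected name never reaches the destination buffer or any later privilege lookup.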