SynopsisThe remote database server is vulnerable to multiple denial of service attacks.
DescriptionVersions of MySQL Community Server 5.1 earlier than 5.1.49 are potentially affected by multiple vulnerabilities :
- After changing the values of the 'innodb_file_format' or 'innodb_file_per_table' configuration parameters, DDL statements could cause a server crash. (Bug #55039)
Joins involving a table with a unique SET column could cause a server crash. (Bug #54575)
Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when ULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier which could lead to a crash. (Bug #54477)
- A malformed argument to the BINLOG statement could result in Valgrind warnings or a server crash. (Bug #54393)
- Use of TEMPORARY InnoDB tables with nullabale columns could cause a server crash. (Bug #54044)
- The server could crash if there were alternate reads from two indexes on a table using the HANDLER interface. (Bug #54007)
- Using EXPLAIN with specially crafted queries could lead to a crash. (Bug #52711)
- 'LOAD DATA INFILE' did not check for SQL errors and sent an OK packet even when errors were already reported. (Bug #52512)
SolutionUpgrade to MySQL Community Server 5.1.49 or later.