Open MySQL security holes

Filed under
Software
Security

Oracle's forthcoming version 5.1.47 of MySQL is said to contain several important security patches. The changelog states that the developers have closed three security holes which allow attackers to cause a server crash, obtain unauthorised database access or, in the worst case, inject arbitrary code and execute it on the server. The developers didn't mention which exact versions are affected.

While the flaws are already listed in the MySQL bug tracker, unlike the changelog the bug tracker entries are not publicly available. It was, therefore, a rather clumsy decision to provide the general public with such detailed information about the security holes; while the added attention makes it more likely that the holes will be exploited, the hands of admins are tied because they have no fixed version to switch to.

rest here