1) MySQL entry: InnoDB Storage Engine: Security Fix: Issuing TRUNCATE TABLE and examining the same table's information in the INFORMATION_SCHEMA database at the same time could cause a crash in the debug version of the server. (Bug #54678)

Red Hat Bugzilla entry: mysql: DoS (crash, deadlock) by issuing TRUNCATE TABLE and examining particular table information in debug mode on certain engines (MySQL bug#54678)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=717944

Description: It was found that MySQL server did not properly handle certain TRUNCATE TABLE statements, which simultaneously examined the particular table's information in the INFORMATION_SCHEMA database, when the debug mode was applied and storage engine, which does not support truncate table via an external drop and recreate, was used. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash or deadlock).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=54678
  [3] http://lists.mysql.com/commits/119465

Note: This would be CVE-2010-* CVE identifier based on the reported time of upstream bug.

2) MySQL entry: Security Fix: The server crashed for assignment of values of types other than Geometry to items of type GeometryCollection (MultiPoint, MultiCurve, MultiSurface). Now the server checks the field type and fails with bad geometry value if it detects incorrect parameters. (Bug #55531)

Red Hat Bugzilla entry: mysql: DoS (crash) by performing SQL queries involving assignment of non Geometry type values to GeometryCollection typed items (MySQL bug#55531)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=717896

Description: It was found that MySQL server did not properly check the particular field type in SQL queries involving assignments of type values into GeometryCollection typed items like MultiPoint, MultiCurve, MultiSurface.
A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash) via SQL query containing conversion(s) from geometry types to strings.

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=55531 (not public)
  [3] http://lists.mysql.com/commits/119434?f=plain

Note: This would be CVE-2010-* CVE identifier based on the reported time of the upstream bug.

3) MySQL entry: Security Fix: EXPLAIN EXTENDED caused a server crash with some prepared statements. (Bug #54494)

Red Hat Bugzilla entry: mysql: DoS (abort) by performing certain EXPLAIN EXTENDED SQL queries in prepared-statement mode (MySQL bug#54494)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=717703

Description: An attempt to call a pure virtual method was found in the way MySQL server processed certain SQL queries requesting EXPLAIN EXTENDED for a SELECT from table statement, when outer join and empty (always True) WHERE condition was used in prepared-statement mode. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon abort).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=54494 (not public)
  [3] http://lists.mysql.com/commits/113011

Note: This would be CVE-2010-* CVE identifier based on the reported time of the upstream bug report.

4) MySQL entry: Security Fix: In prepared-statement mode, EXPLAIN for a SELECT from a derived table caused a server crash. (Bug #54488)

Red Hat Bugzilla entry: mysql: DoS (crash) by performing EXPLAIN for a SELECT from a derived table query in prepared-statement mode (MySQL bug#54488)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=717686

Description: A NULL pointer dereference flaw was found in the way MySQL server processed certain SQL queries requesting EXPLAIN for a SELECT from a derived table in prepared-statement mode.
A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=54488

Note: This would be CVE-2010-* CVE identifier based on the reported time of the upstream bug report.

5) MySQL entry: InnoDB Storage Engine: For an InnoDB table with an auto-increment column, the server could crash if the first statement that references the table after a server restart is a SHOW CREATE TABLE statement. (Bug #55277)

Red Hat Bugzilla entry: mysql: Assertion failure when running SHOW CREATE TABLE statement on InnoDB table upon server restart (MySQL bug#55277)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=717977

Description: An assertion failure was found in the way MySQL server processed certain SQL queries, containing SHOW CREATE TABLE statement and referencing InnoDB storage engine table with the auto-increment column, when such queries were run upon server restart. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon abort due to assertion failure).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=55277
  [3] http://lists.mysql.com/commits/119960?f=plain

Note: This would be CVE-2010-* CVE identifier based on the reported time of the upstream bug report.

6) MySQL entry: Partitioning: Replication: Attempting to execute LOAD DATA on a partitioned MyISAM table while using statement-based logging mode caused the master to hang or crash.
(Bug #51851)

Red Hat Bugzilla entry: mysql: DoS (master hang or crash) by executing LOAD DATA on a partitioned MyISAM table while using statement-based logging mode (MySQL bug#51851)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=718233

Description: It was found that MySQL server did not properly handle locks mutex in SQL queries executing LOAD DATA on a partitioned MyISAM table, when statement-based logging mode was used. A remote, valid MySQL user could use this flaw to cause a denial of service (master MySQL replication server hang or crash) via specially-crafted SQL query.

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=51851
  [3] http://lists.mysql.com/commits/104667

Note: This would be CVE-2010-* CVE identifier based on the reported time of the upstream bug report.

7) MySQL entry: If there was an active SELECT statement, an error arising during trigger execution could cause a server crash. (Bug #55421)

Red Hat Bugzilla entry: mysql: DoS (crash) by processing error arising during trigger execution, when active SELECT statement present (MySQL bug#55421)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=718257

Description: It was found that MySQL server did not properly handle processing of error message, which arose during trigger execution, when another active SELECT SQL statement was present. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash) via specially-crafted SQL query.

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=55421

Note: This would be CVE-2010-* CVE identifier based on the reported date of the upstream bug report.

8) MySQL entry: With an UPDATE IGNORE statement including a subquery that was evaluated using a temporary table, an error transferring the data from the temporary was ignored, causing an assertion to be raised.
(Bug #54543)

Red Hat Bugzilla entry: mysql: Assertion failure by processing UPDATE IGNORE statement including a subquery that was evaluated using a temporary table (MySQL bug#54543)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=718283

Description: It was found that MySQL server did not properly handle SQL UPDATE IGNORE statements, which included a subquery that was evaluated using a temporary table. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon to terminate with assertion failure).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=54543

Note: This would be CVE-2010-* CVE identifier based on the reported date of the upstream bug report.

9) MySQL entry: Using REPAIR TABLE table USE_FRM on a MERGE table caused the server to crash. (Bug #46339)

Red Hat Bugzilla entry: mysql: DoS (crash) by processing REPAIR TABLE table USE_FRM on a MERGE table (MySQL bug#46339)

Red Hat Bugzilla ID: https://bugzilla.redhat.com/show_bug.cgi?id=718289

Description: It was found that MySQL server did not properly handle processing of SQL REPAIR TABLE table USE_FRM statements used on a MERGE table. A remote attacker, valid SQL user could use this flaw to cause denial of service (mysqld daemon crash).

References:
  [1] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
  [2] http://bugs.mysql.com/bug.php?id=46339

Note: This would be CVE-2009-* CVE identifier based on the reported date of the upstream bug report.

The rest of the issues, corrected / listed in MySQL-v5.1.52 announcement:
  [A] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html
would not be interesting from security point of view.