This is a bugfix release for the current MySQL Community Server production release family. It replaces MySQL 5.0.51.
Security Fix: Three vulnerabilities in yaSSL versions 1.7.5 and earlier were discovered that could lead to a server crash or execution of unauthorized code. The exploit requires a server with yaSSL enabled and TCP/IP connections enabled, but does not require valid MySQL account credentials. The exploit does not apply to OpenSSL.
The proof-of-concept exploit is freely available on the Internet. Everyone with a vulnerable MySQL configuration is advised to upgrade immediately.
(Bug #33814, CVE-2008-0226, CVE-2008-0227)
ALTER VIEW retained the original
DEFINER value, even when altered by another user, which could enable that user to gain the access rights of the view. Now
ALTER VIEW is permitted only to the original definer or users with the
SUPER privilege. (Bug #29908)
Security Fix: When using a
FEDERATED table, the local server could be forced to crash if the remote server returned a result with fewer columns than expected. (Bug #29801)
When running the MySQL Instance Configuration Wizard, a race condition could exist that failed to connect to a newly configured instance. This was because mysqld had not completed the startup process before the next stage of the installation process. (Bug #28628)
For Vista installs, MySQLInstanceConfig.exe did not add the default MySQL port to the firewall exceptions. It now provides a check box that enables the user a choice of whether to do this. (Bug #24853)
For Windows Vista, MySQLInstanceConfig.exe did not include a proper manifest enabling it to run with administrative privileges. (Bug #22563)
References: See also Bug #24732.
MySQLInstanceConfig.exe failed to grant certain privileges to the
'root'@'%' account. (Bug #17303)