オリジナル版:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
最も普及しているオープンソースデータベース管理システムの新バージョンであるMySQL Community Server 5.0.91がリリースされました。5.0のアクティブメンテナンスは終了しており、このコミュニティビルドはセキュリティのバグ、下記の#50974, 53237, 53371の修正のためにのみ提供されます。
このリリースは、ソースコード及び多くのプラットフォームのためのバイナリで下記のアーカイブダウンロードページから現在利用可能です。
http://downloads.mysql.com/archives.php?p=mysql-5.0&v=5.0.91
MySQL Server 5.0のミラーサービスは終了しました。また、利用の少ないいくつかのプラットフォーム向けのサポートも終了しました。
MySQL Server 5.0は現在拡張サポートのみ提供されており、積極的な開発はMySQL 5.1, 5.5以降で行われていることに注意してください。MySQLのライフサイクルポリシーはここで見つけられるでしょう:
http://www.mysql.de/about/legal/lifecycle/
あなたのためを思って、われわれはMySQL 5.0を利用しているすべてのユーザにMySQL 5.1(現在のプロダクトリリース)、もしくはMySQL 5.5(プレプロダクションリリース、新しい機能を追加したベータ品質)にアップグレードすることを強くお勧めします。
バグレポート、バグ修正、パッチ等の情報をお待ちしておりますので、以下のページをご利用ください。
http://forge.mysql.com/wiki/Contributing
以下のセクションは、以前のリリースであるMySQL Community Server 5.0.90以降のMySQLソースコードにおけるバージョン間の変更を記載しています。
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
あなたが使用するバージョンおよび機能と関係のある修正に関するより詳細かつ個別の更新アラートを受けたい場合、MySQL Enterpriseへの申し込みを検討してください。(商用でMySQLが提供しています)。より詳細な個別の修正情報は以下を参照してください。
http://www.mysql.com/products/enterprise/advisors.html
Bugs fixed:
* Security Fix: The server failed to check the table name
argument of a COM_FIELD_LIST command packet for validity
and compliance to acceptable table name standards. This
could be exploited to bypass almost all forms of checks
for privileges and table-level grants by providing a
specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated
user with SELECT privileges on one table to obtain the
field definitions of any table in all other databases and
potentially of other MySQL instances accessible from the
server's file system.
Additionally, for MySQL version 5.1 and above, an
authenticated user with DELETE or SELECT privileges on
one table could delete or read content from any other
table in all databases on this server, and potentially of
other MySQL instances accessible from the server's file
system.
(Bug#53371: http://bugs.mysql.com/bug.php?id=53371,
CVE-2010-1848
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1848))
* Security Fix: The server was susceptible to a
buffer-overflow attack due to a failure to perform bounds
checking on the table name argument of a COM_FIELD_LIST
command packet. By sending long data for the table name,
a buffer is overflown, which could be exploited by an
authenticated user to inject malicious code.
(Bug#53237: http://bugs.mysql.com/bug.php?id=53237,
CVE-2010-1850
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1850))
* Security Fix: The server could be tricked into reading
packets indefinitely if it received a packet larger than
the maximum size of one packet.
(Bug#50974: http://bugs.mysql.com/bug.php?id=50974,
CVE-2010-1849
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1849))
* The optimizer could attempt to evaluate the WHERE clause
before any rows had been read, resulting in a server
crash.
(Bug#52177: http://bugs.mysql.com/bug.php?id=52177)
* On Windows, LOAD_FILE() could cause a crash for some
pathnames.
(Bug#51893: http://bugs.mysql.com/bug.php?id=51893)
* Use of HANDLER statements with tables that had spatial
indexes caused a server crash.
(Bug#51357: http://bugs.mysql.com/bug.php?id=51357)
* With an XA transaction active, SET autocommit = 1 could
cause side effects such as memory corruption or a server
crash.
(Bug#51342: http://bugs.mysql.com/bug.php?id=51342)
* The SSL certificates in the test suite were about to
expire. They have been updated with expiration dates in
the year 2015.
(Bug#50642: http://bugs.mysql.com/bug.php?id=50642)
* For debug builds, an assertion was incorrectly raised in
the optimizer when matching ORDER BY expressions.
(Bug#50335: http://bugs.mysql.com/bug.php?id=50335)
* The filesort sorting method applied to a CHAR(0) column
could lead to a server crash.
(Bug#49897: http://bugs.mysql.com/bug.php?id=49897)
* sql_buffer_result had an effect on non-SELECT statements,
contrary to the documentation.
(Bug#49552: http://bugs.mysql.com/bug.php?id=49552)
* EXPLAIN EXTENDED crashed trying to print column names for
a subquery in the FROM clause when the table had gone out
of scope.
(Bug#49487: http://bugs.mysql.com/bug.php?id=49487)
* mysql-test-run.pl now recognizes the
MTR_TESTCASE_TIMEOUT, MTR_SUITE_TIMEOUT,
MTR_SHUTDOWN_TIMEOUT, and MTR_START_TIMEOUT environment
variables. If they are set, their values are used to set
the --testcase-timeout, --suite-timeout,
--shutdown-timeout, and --start-timeout options,
respectively.
(Bug#49210: http://bugs.mysql.com/bug.php?id=49210)
* Certain INTERVAL expressions could cause a crash on
64-bit systems.
(Bug#48739: http://bugs.mysql.com/bug.php?id=48739)
* The server crashed when it could not determine the best
execution plan for queries involving outer joins with
nondeterministic ON clauses such as the ones containing
the RAND() function, a user-defined function, or a NOT
DETERMINISTIC stored function.
(Bug#48483: http://bugs.mysql.com/bug.php?id=48483)
* If an outer query was invalid, a subquery might not even
be set up. EXPLAIN EXTENDED did not expect this and
caused a crash by trying to dereference improperly set up
information.
(Bug#48295: http://bugs.mysql.com/bug.php?id=48295)