
MySQL versions prior to 5.1.51 (including 5.1.50) suffer from a vulnerability in the processing of arguments passed to the LEAST() or GREATEST() functions. A malicious user could exploit this issue to crash the server, leading to a DoS condition.

You really should upgrade your Lenny servers (amd64 or i386) with the new packages of MySQL 5.1.51 from Dotdeb. As usual, don’t forget to read the Changelog before upgrading.

15 Responses to “Upgrade to MySQL 5.1.51! It fixes a DoS vulnerability”

  1. Mostafa

    I have installed phpMyAdmin, but it says:
    Your PHP MySQL library version 5.0.51a differs from your MySQL server version 5.1.51. This may cause unpredictable behavior.

    Please fix it.

  2. Guillaume Plessis

    @Mostafa : as said many times on this blog, 5.0.51a is just the version of the libmysqlclient library PHP was built with. Don’t worry about that delta between the client side and the server side, it does not affect the PHP behaviour.

  3. Xaekai

    If only you offered your MySQL packages with Percona’s edits. 😉

  4. Jools

    In some cases, as people are running Dotdeb on production machines, would it not be good also to provide new packages when serious bugs occur without waiting for Debian?

    I’ve just upgraded mine manually. For anyone else that this bug is affecting you can upgrade without too much trouble (takes some time to build/run the automated tests though).

    download mysql-5.1.52.tar.gz from


    apt-get source mysql-server-5.1
    apt-get build-dep mysql-server-5.1
    cd mysql-5.1-5.1.51
    uupdate ../mysql-5.1.52.tar.gz
    cd ../mysql-5.1-5.1.52
    debuild -i -us -uc -b

    packages created in the parent folder.

    Since new versions can introduce serious problems, I also think it would be a good idea
    to include older builds on the dotdeb machines. This would give users the option of downgrading
    should a problem occur (at their own risk of course).

    Thanks for listening. dotdeb is a much appreciated effort/resource.

  5. yaw

    Hi Guillaume,
    I am trying to upgrade a 5.1.34 dotdeb installation to 5.1.51.

    I have run following command : “apt-get upgrade mysql-server mysql-client libmysqlclient16 mysql-common”

    It seems that apt wants to keep my old server:
    “The following packages have been kept back:
    libpurple0 mysql-server-5.1 pidgin”

    Could you specify a few steps required to achieve this slight upgrade?

    Many thanks for your great work

  6. Guillaume Plessis

    @yaw : use a decent package manager, such as dselect, aptitude or synaptic to resolve the dependency issue.

    Perhaps you should install mysql-server-core-5.1. The libpurple0 and pidgin packages have nothing to do with Dotdeb.

  7. Dave

    There’s a pretty bad bug in .51 that causes foreign keys to break in some scenarios (e.g. Magento stores) that stops you deleting rows with constraints.

    It has been fixed now – I compiled the .53 source and the issue has gone away for me.

    A dotdeb package would be much appreciated however!

  8. dave

    Jools, yes I followed those but for 53 and it worked fine.

    Just saying there should be Dotdeb ones so I don’t have to do that 😉

  9. dave

    Just did an aptitude update today and see there are now .53 packages.