MySQL 5.1 to 5.1.18 multiple vulnerabilities

Description
  • The remote database server is affected by multiple vulnerabilities.
    1. Evaluation of an 'IN()' predicate with a decimal-valued argument causes a service crash.
    2. A user can rename a table even though he does not have DROP privileges.
    3. If a stored routine is declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by invoking that routine.
    4. A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.
Remediation
  • Upgrade to MySQL version 5.1.18 or later.
References