MySQL 5.1 to 5.1.18 multiple vulnerabilities


The remote database server is affected by multiple vulnerabilities.
1. Evaluation of an 'IN()' predicate with a decimal-valued argument causes a service crash.
2. A user can rename a table even though he does not have DROP privileges.
3. If a stored routine is declared as 'SQL SECURITY INVOKER', a user may be able to gain privileges by invoking that routine.
4. A user with only ALTER privileges on a partitioned table can discover information about the table that should require SELECT privileges.


Upgrade to MySQL version 5.1.18 or later.