MySQL versions 5.1.63 and 5.5.24 fix the following bug noted in the 5.1.63 release notes:

  * Security Fix: Bug #59387 was fixed.

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html

This bug is also fixed in 5.5.24, but not mentioned in the release notes or changelog.

The related upstream change is:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.16

  Bug#11766300 59387: FAILING ASSERTION: CURSOR->POS_STATE == 1997660512 (BTR_PCUR_IS_POSITIONE
  Bug#13639204 64111: CRASH ON SELECT SUBQUERY WITH NON UNIQUE INDEX

This issue allows a non-admin database user with full SQL access to crash mysqld.

The upstream commit explains the issue details:

  The crash happened due to wrong calculation of key length during creation of reference for sort order index. The problem is that keyuse->used_tables can have OUTER_REF_TABLE_BIT enabled but used_tables parameter (create_ref_for_key() func) does not have it. So key parts which have OUTER_REF_TABLE_BIT are omitted and it could lead to incorrect key length calculation (zero key length).

Related upstream bugs remain non-public:

http://bugs.mysql.com/bug.php?id=59387
http://bugs.mysql.com/bug.php?id=64111

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1462 https://rhn.redhat.com/errata/RHSA-2012-1462.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0180 https://rhn.redhat.com/errata/RHSA-2013-0180.html