Multiple vulnerabilities have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges or cause a DoS (Denial of Service).

1) An error in MySQL replication when handling version specific comments can be exploited to execute arbitrary SQL statements with "SUPER" privileges on a slave if the master runs a lower server release version than the slave.

This vulnerability is reported in versions prior to 5.1.50.

2) An error in the processing of arguments passed to e.g. the "LEAST()" or "GREATEST()" function can be exploited to cause the server to crash.

3) An error when materialising a derived table that requires a temporary table for grouping can be exploited to cause the server to crash.

4) An error exists due to the re-evaluation of expression values used for temporary tables, which can be exploited to cause the server to crash.

5) An error in the handling of the "GROUP_CONCAT()" statement in combination with "WITH ROLLUP" can be exploited to cause the server to crash.

6) An error within the handling of the "GREATEST()" or "LEAST()" functions when using an intermediate temporary table can be exploited to cause a crash by passing a mixed list of numeric and "LONGBLOB" arguments to the affected functions.

7) An error in the processing of nested joins in stored procedures and prepared statements can be exploited to cause an infinite loop.

8) An error in the "PolyFromWKB()" function can be exploited to crash the server by passing specially crafted WKB data to the function.

9) An error within the "CONVERT_TZ()" function when receiving an empty SET column value as timezone argument can be exploited to crash the server.

10) An error within the InnoDB storage engine when opening certain tables can be exploited to cause a stack overflow.

Vulnerabilities #2 through #10 are reported in versions prior to 5.1.51.

Solution
Update to version 5.1.51.

Provided and/or discovered by
Reported in MySQL bug reports by:
1) Libing Song
2 - 6, 8, 9) Shane Bester
7) John H. Embretsen
10) Susanne Ebrecht

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html

Deep Links
Links available to Secunia VIM customers