A security issue and two vulnerabilities have been reported in MySQL, where one has an unknown impact and others can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions.

1) An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

Successful exploitation of this security issue requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g. sse-optimized glibc).

NOTE: Vendor binaries are reportedly not affected.

The security issue is reported in versions prior to 5.1.63 and 5.5.25.

2) An unspecified error exists. No further information is currently available.

This vulnerability is reported in versions prior to 5.1.63.

3) An error when handling the creation of a reference for a sort order index can be exploited to calculate an incorrect key length and cause a crash.

This vulnerability is reported in versions prior to 5.5.24.

Solution
Update to version 5.1.63 or 5.5.25.

Provided and/or discovered by
Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
http://bugs.mysql.com/bug.php?id=59387
http://bugs.mysql.com/bug.php?id=64884
http://seclists.org/oss-sec/2012/q2/493

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers