MySQL is vulnerable to a buffer overflow. A flaw in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command (this command is sent when a client uses the MySQL mysql_list_fields() client library function). An authenticated database user could send a request with an excessively long table name to cause a temporary denial of service (mysqld crash) or, potentially, execute arbitrary code with the privileges of the database server.
bugs.mysql.com/bug.php?id=53237
dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
securitytracker.com/id?1024033
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:107
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0442.html
www.ubuntu.com/usn/USN-1397-1
access.redhat.com/errata/RHSA-2010:0442
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10846
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6693