When the publishing process for MySQL 5.5.1-m2 was already running, the MySQL team was informed about a security problem in the SSL connect area (a possibility to crash the server). The problem is caused by a buffer overflow in the yaSSL library. MySQL Servers using OpenSSL are not affected; it can only occur when SSL (using yaSSL) is enabled.
This problem is still under detailed investigation with the various versions, configurations, and platforms. When that has finished, the problem will be fixed as soon as possible, and new binaries for the affected versions will be released. However, building and testing these binaries in the various configurations on the various platforms will take some time.
The bug is tracked with CVE ID CVE-2009-4484. We repeat the general security hint: If it is not absolutely necessary that external machines can connect to your database instance, we recommend that the server's connection port be blocked by a firewall to prevent any such illegitimate accesses.
Bugs fixed:
Incompatible Change: Replication:
The file names for the semisynchronous plugins were prefixed with lib, unlike file names for other plugins. The file names no longer have a lib prefix.
This change introduces an incompatibility if the plugins had been installed using the previous names. To handle this, uninstall the older version before installing the newer version. For example, use these statements for the master side plugins on Unix:
mysql> UNINSTALL PLUGIN rpl_semi_sync_master;
mysql> INSTALL PLUGIN rpl_semi_sync_master SONAME 'semisync_master.so';
If you do not uninstall the older version first, attempting to install the newer version results in an error:
mysql> INSTALL PLUGIN rpl_semi_sync_master SONAME 'semisync_master.so';
ERROR 1125 (HY000): Function 'rpl_semi_sync_master' already exists
For the slave side, similar statements apply:
mysql> UNINSTALL PLUGIN rpl_semi_sync_slave;
mysql> INSTALL PLUGIN rpl_semi_sync_slave SONAME 'semisync_slave.so';
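The uninstall-then-install procedure above, as an added example that is not part of the original release notes: a small Python helper that takes rows from SELECT name, dl FROM mysql.plugin and emits the statements needed only for semisync plugins still registered under a lib-prefixed file name. The function name, the sample rows and the file-name check are assumptions made for illustration.

```python
import re

# The rename applies only to the semisynchronous replication plugins.
SEMISYNC = re.compile(r"^rpl_semi_sync_(master|slave)$")
# Assumption: accept only plain library file names before quoting them in SQL.
SAFE_DL = re.compile(r"^[A-Za-z0-9_.]+$")


def plan_rename(plugin_rows):
    """Return SQL statements that move semisync plugins to unprefixed names.

    plugin_rows: iterable of (name, dl) pairs, as returned by
    SELECT name, dl FROM mysql.plugin.
    """
    statements = []
    for name, dl in plugin_rows:
        if not SEMISYNC.match(name):
            continue  # not a semisync plugin, leave it alone
        if not dl.startswith("lib"):
            continue  # already registered under the new file name
        if not SAFE_DL.match(dl):
            raise ValueError(f"unexpected library name for {name}: {dl!r}")
        new_dl = dl[len("lib"):]  # keeps the platform's own extension
        # Uninstall first; installing over the old entry fails with ERROR 1125.
        statements.append(f"UNINSTALL PLUGIN {name};")
        statements.append(f"INSTALL PLUGIN {name} SONAME '{new_dl}';")
    return statements


# Constructed sample rows (not taken from a real server).
SAMPLE_ROWS = [
    ("rpl_semi_sync_master", "libsemisync_master.so"),  # old name, needs the fix
    ("rpl_semi_sync_slave", "semisync_slave.so"),       # already renamed
    ("example_plugin", "libexample.so"),                # hypothetical other plugin
]

if __name__ == "__main__":
    for stmt in plan_rename(SAMPLE_ROWS):
        print(stmt)
```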