I meant between 5.5.41-25.12-855 and 5.5.41-37.0

I’ve had a response from our developers and that is that Percona Server 5.1 will move to “Customized support”, which essential is EOL unless someone pays for a release and backports. As such our recommendation is to upgrade to at least 5.5 as soon as possible.

Thank you for your help! Unfortunately upgrade is not always an option, and not always my decision (due the tight software dependency).

Please note MySQL 5.1 is still supported and will supported until 2020 on RHEL6 (and their derivates CentOS6, Scientific Linux 6). But the Percona Server 5.1 is lot more tuned and has more administrative features for production workload, than the original version. So I would prefer to stay on the Percona Server 5.1 instead of replacing it with the untuned distro version. As Redhat will eventually release the fixes (as source code), your security team could also use it as a patch source. I would be really helpful if the security team at least integrate the security patches released by Redhat to the Percona Server 5.1 series, and rebuild the packages.

Thanks for your help!

I will ask our development team, however given 5.1 went EOL in 2013 I would strongly recommend you look to upgrade as soon as possible!

The versions noted in the post contain the fixes, of course I would recommend however that you use the latest version to ensure you have all of the most recent fixes.

Indeed, you are right. It is correct, strictly speaking. It just doesn’t mention the race condition, or REPAIR, or OPTIMIZE, or MyISAM, only CREATE/INSERT/SELECT, which aren’t used in this vulnerability at all. So it appears to look incorrectly and that was confusing. Sorry.

This does look incorrect, I will advise marketing of the error.

CVE-2016-6663 description was taken from the advisory linked