-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
MySQL 4.1.10a, a new version of the popular Open Source/Free Software Database Management System, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://dev.mysql.com/downloads/ and mirror sites. Note that not all mirror sites may be up to date at this point in time - if you can't find this version on some mirror, please try again later or choose another download site. This MySQL 4.1.10a release just includes the additional patches for recently reported potential security vulnerabilites in the creation of temporary table file names and the handling of User Defined Functions (UDFs). We would like to thank Stefano Di Paola <[EMAIL PROTECTED]> for finding and reporting these to us. Please note that these changes affect the way in which User Defined Functions (UDF) are loaded. Please refer to the section "User-defined Function Security Precautions" in the manual: http://dev.mysql.com/doc/mysql/en/udf-security.html Functionality added or changed relative to 4.1.10: * Security improvement: The server creates `.frm', `.MYD', `.MYI', `.MRG', `.ISD', and `.ISM' table files only if a file with the same name does not already exist. * Security improvement: User-defined functions should have at least one symbol defined in addition to the `xxx' symbol that corresponds to the main `xxx()' function. These auxiliary symbols correspond to the `xxx_init()', `xxx_deinit()', `xxx_reset()', `xxx_clear()', and `xxx_add()' functions. `mysqld' by default no longer loads UDFs unless they have at least one auxiliary symbol defined in addition to the main symbol. The '--allow-suspicious-udfs' option controls whether UDFs that have only an `xxx' symbol can be loaded. By default, the option is off. `mysqld' also checks UDF filenames when it reads them from the `mysql.func' table and rejects those that contain directory pathname separator characters. (It already checked names as given in `CREATE FUNCTION' statements.) See the section in the manual on writing UDFs. Bye, LenZ - -- Lenz Grimmer <[EMAIL PROTECTED]> Senior Production Engineer MySQL GmbH, http://www.mysql.de/ Hamburg, Germany Are you MySQL certified? http://www.mysql.com/certification/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCMcroSVDhKrJykfIRAkpeAJ9ZuMWzCn4+Uc4wEoliE+3Lgn5bKwCfbao6 nIhudxclakOx6Nl6PpIdlZw= =ODl8 -----END PGP SIGNATURE----- -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
