-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
MySQL 3.23.54, a new version of the world's most popular Open Source
Database, has been released. It is now available in source and binary
form for a number of platforms from our download pages at
http://www.mysql.com/downloads/ and mirror sites.
This is a bugfix release for the current stable tree.
Apart from fixing several bugs, this release also resolves multiple
security vulnerabilities that have been found and reported to us by Stefan
Esser from e-matters GmbH, Germany. You can read the full text of Stefans
advisory here:
http://security.e-matters.de/advisories/042002.html
We are very grateful for his help in spotting and reporting this problem
to us.
As these vulnerabilities can be exploited from a remote attacker to crash
the MySQL server or to execute arbitrary code with the privileges of the
user running the MySQL server, we strongly advise all users to upgrade to
this version.
MySQL 4.0 is also affected by this problem - we will provide updated
packages for this version as soon as possible, too. The required fixes
have already been applied to our public BitKeeper source repositories as
well.
From the ChangeLog:
* Fixed a bug, that allowed to crash `mysqld' with a specially
crafted packet.
* Fixed a rare crash (double `free''d pointer) when altering a
temporary table.
* Fixed buffer overrun in `libmysqlclient' library that allowed
malicious `MySQL' server to crash the client application.
* Fixed security-related bug in `mysql_change_user()' handling. All
users are strongly recommended to upgrade to the version 3.23.54.
* Fixed bug that prevented `--chroot' command-line option of `mysqld'
from working.
* Fixed bug that made `OPTIMIZE TABLE' to corrupt the table under
some rare circumstances.
* Fixed `mysqlcheck' so it can deal with table names containing
dashes.
* Fixed shutdown problem on Mac OS X.
* Fixed bug with comparing an indexed `NULL' field with `= NULL'.
* Fixed bug that caused `IGNORE INDEX' and `USE INDEX' sometimes to
be ignored.
* Fixed rare core dump problem in complicated `GROUP BY' queries that
didn't return any result.
* Fixed a bug where `MATCH ... AGAINST () =0' was treated as if it
was `'.
* One can create `TEMPORARY' `MERGE' tables now.
* Fixed that `--core-file' works on Linux (at least on kernel
2.4.18).
* Fixed a problem with `BDB' and `ALTER TABLE'.
* Fixed reference to freed memory when doing complicated `GROUP BY
... ORDER BY' queries. Symptom was that `mysqld' died in function
`send_fields'.
* Allocate heap rows in smaller blocks to get better memory usage.
* Fixed memory allocation bug when storing `BLOB' values in internal
temporary tables used for some (unlikely) `GROUP BY' queries.
* Fixed a bug in key optimizing handling where the expression `WHERE
column_name = key_column_name' was calculated as true for `NULL'
values.
* Fixed core dump bug when doing `LEFT JOIN ... WHERE
key_column=NULL'.
* Fixed `MyISAM' crash when using dynamic-row tables with huge
numbers of packed fields.
Additional notes:
* Due to a hardware failure, we are currently unable to provide
Solaris 2.7 binaries - we apologize for any inconveniences that
may cause you.
* The windows binaries may not have been copied to all mirror sites
yet - please give the mirrors a while to synchronize.
Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer [EMAIL PROTECTED]
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
___/ www.mysql.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE9+J68SVDhKrJykfIRAoOZAJ9bmYWgyPOkcx/067TM3vKt+81pTACdE3sG
jCZsNbHwXpqigRpL96RHQZQ=
=KcLE
-END PGP SIGNATURE-
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php