Re: MySQL 4.0.7 is released
In article [EMAIL PROTECTED], Andreas [EMAIL PROTECTED] wrote: Hsiao Ketung Contr 61 CS/SCBN wrote: Who would have the need to use src version of installation. I imagine that src version give user more options for customizing MySql. sure ... but do you feel anythig lacking ? I know two reasons at least (because I have done both): 1. The site uses an unconventional directory structure by choice; have to run configure manually to get the directory structure right. 2. Previous installations from RPM gave upgrade/dependency troubles; decided to use source to make sure that MySQL works at the site. -- Ambrose Li [EMAIL PROTECTED] http://ada.dhs.org/~acli/cmcc/ http://www.cccgt.org/ DRM is theft - We are the stakeholders - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL 4.0.7 is released
What does it mean when you say: MySQL 4.0.7 is released and then you give a URL? When one goes to the URL, one sees text which says the latest version is 4.0.5. So, is 4.0.7 released or is it not? If so, why do you not point to pages on the web site which actually include the release which you are announcing? For example, since http://www.mysql.com/downloads/ does not point to the 4.0.7 version, which page does? thanx - ray On Friday, December 27, 2002, at 12:10 PM, Lenz Grimmer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MySQL 4.0.7, a new version of the popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. snip - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL 4.0.7 is released
Just think, one more click and you wouldn't have had to send an e-mail. http://www.mysql.com/downloads/mysql-max-4.0.html http://www.mysql.com/downloads/mysql-standard-4.0.html Richard. - Original Message - From: Ray Kiddy [EMAIL PROTECTED] To: Lenz Grimmer [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, December 30, 2002 12:57 AM Subject: Re: MySQL 4.0.7 is released What does it mean when you say: MySQL 4.0.7 is released and then you give a URL? When one goes to the URL, one sees text which says the latest version is 4.0.5. So, is 4.0.7 released or is it not? If so, why do you not point to pages on the web site which actually include the release which you are announcing? For example, since http://www.mysql.com/downloads/ does not point to the 4.0.7 version, which page does? thanx - ray On Friday, December 27, 2002, at 12:10 PM, Lenz Grimmer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MySQL 4.0.7, a new version of the popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. snip - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL 4.0.7 is released
Hsiao Ketung Contr 61 CS/SCBN wrote: Does each version of MySql has binary AND src version for installation ? yes I found binary version only. look again it's on the bottom of the page Does the majority of MySql user us the binary version ? dunno ... but it works, so why bother ? Who would have the need to use src version of installation. I imagine that src version give user more options for customizing MySql. sure ... but do you feel anythig lacking ? - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
MySQL 4.0.7 is released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MySQL 4.0.7, a new version of the popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. Around the time MySQL 4.0.6 was ready to be released to fix the security vulnerabilities that have been reported to us by eMatters GmbH, we were informed about another potential security vulnerability. Because the 4.0.6 builds were almost completed at this point, and we wanted to get these out to fix the already widely known security issues, we decided to resolve this vulnerability for MySQL 4.0.7 instead and release it immediately after MySQL 4.0.6. Users that use previous versions of MySQL 4.0 in an untrusted multi-user environment (e.g. ISPs providing database hosting) are encouraged to update to MySQL 4.0.7 as soon as possible. Please note, that this new vulnerability does only affect MySQL 4.0 - MySQL 3.23 is not affected by this bug. A short description of the vulnerability: o MySQL 4.0 did not properly check the user's privileges when receiving the (deprecated) client function call mysql_drop_db() to drop the specified database. o This allowed any user to arbitrary drop any database, if he was able to log in as a valid user and his MySQL client application used the obsolete mysql_drop_db() function call instead of the DROP DATABASE SQL statement. o When using DROP DATABASE, the user's privileges were always verified correctly before dropping the database. o This bug can not be exploited without a valid MySQL user account - it is not possible for an anonymous remote attacker to perform this operation. o So far, we are only aware of one client application that still uses this function call. o The mysql client application provided with the MySQL distribution as well as the MySQL Control Center cannot be used to exploit this vulnerability. o No data was compromised from other users' databases - this bug did not affect the privileges required to actually read data from other databases or tables. o If logging was enabled (e.g. by using the --log or --log-bin command line switches), the operation was also logged by the MySQL server, including the user and host name (if --log was used). We would like to thank Gary Huntress for making us aware of this problem. News from the MySQL 4.0.7 ChangeLog: Functionality added or changed: * `mysqlbug' now also reports the compiler version used for building the binaries (if the compiler supports the option `--version'). Bugs fixed: * Fixed compilation problems on OpenUnix and HPUX 10.20. * Fixed some optimisation problems when compiling MySQL with `-DBIG_TABLES' on a 32 bit system. * `mysql_drop_db()' didn't check permissions properly so anyone could drop another users database. `DROP DATABASE' is checked properly. Additional notes: * It is quite possible that not all mirror sites have picked up the Linux RPM packages yet, because the were added some time after the other binary packages. * Due to a hardware failure, we are currently unable to provide Solaris 2.7 binaries - we apologize for any inconveniences that may cause you. Some users reported, that the Solaris 2.8 package worked for them on Solaris 2.7, too - so you might want to give that a try. We are working on setting up a new Solaris 2.7 build system and hope to have it available for future releases again. Happy New Year! Bye, LenZ - -- For technical support contracts, visit https://order.mysql.com/?ref=mlgr __ ___ ___ __ / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer [EMAIL PROTECTED] / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany ___/ www.mysql.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+DLPGSVDhKrJykfIRAs4IAJwMA0K2zWYylGGUTi6utqt3PTrNRgCbBvHX UUL38wzEmLUc1MQIygKI094= =nxCr -END PGP SIGNATURE- - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: MySQL 4.0.7 is released
Hello, I'm a new user to MySql and I've just starting to download and install MySql. I've a question: Does each version of MySql has binary AND src version for installation ? I've been to http://www.mysql.com/downloads/ for MySQL 4.0.7 and I found binary version only. Does the majority of MySql user us the binary version ? Who would have the need to use src version of installation. I imagine that src version give user more options for customizing MySql. I'm installing MySql for use with vbulletin software from www.bulletin.com and I'm concerned whether I should install binary or src version of MySql. -Original Message- From: Lenz Grimmer [mailto:[EMAIL PROTECTED]] Sent: Friday, December 27, 2002 12:11 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: MySQL 4.0.7 is released -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, MySQL 4.0.7, a new version of the popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. Around the time MySQL 4.0.6 was ready to be released to fix the security vulnerabilities that have been reported to us by eMatters GmbH, we were informed about another potential security vulnerability. Because the 4.0.6 builds were almost completed at this point, and we wanted to get these out to fix the already widely known security issues, we decided to resolve this vulnerability for MySQL 4.0.7 instead and release it immediately after MySQL 4.0.6. Users that use previous versions of MySQL 4.0 in an untrusted multi-user environment (e.g. ISPs providing database hosting) are encouraged to update to MySQL 4.0.7 as soon as possible. Please note, that this new vulnerability does only affect MySQL 4.0 - MySQL 3.23 is not affected by this bug. A short description of the vulnerability: o MySQL 4.0 did not properly check the user's privileges when receiving the (deprecated) client function call mysql_drop_db() to drop the specified database. o This allowed any user to arbitrary drop any database, if he was able to log in as a valid user and his MySQL client application used the obsolete mysql_drop_db() function call instead of the DROP DATABASE SQL statement. o When using DROP DATABASE, the user's privileges were always verified correctly before dropping the database. o This bug can not be exploited without a valid MySQL user account - it is not possible for an anonymous remote attacker to perform this operation. o So far, we are only aware of one client application that still uses this function call. o The mysql client application provided with the MySQL distribution as well as the MySQL Control Center cannot be used to exploit this vulnerability. o No data was compromised from other users' databases - this bug did not affect the privileges required to actually read data from other databases or tables. o If logging was enabled (e.g. by using the --log or --log-bin command line switches), the operation was also logged by the MySQL server, including the user and host name (if --log was used). We would like to thank Gary Huntress for making us aware of this problem. News from the MySQL 4.0.7 ChangeLog: Functionality added or changed: * `mysqlbug' now also reports the compiler version used for building the binaries (if the compiler supports the option `--version'). Bugs fixed: * Fixed compilation problems on OpenUnix and HPUX 10.20. * Fixed some optimisation problems when compiling MySQL with `-DBIG_TABLES' on a 32 bit system. * `mysql_drop_db()' didn't check permissions properly so anyone could drop another users database. `DROP DATABASE' is checked properly. Additional notes: * It is quite possible that not all mirror sites have picked up the Linux RPM packages yet, because the were added some time after the other binary packages. * Due to a hardware failure, we are currently unable to provide Solaris 2.7 binaries - we apologize for any inconveniences that may cause you. Some users reported, that the Solaris 2.8 package worked for them on Solaris 2.7, too - so you might want to give that a try. We are working on setting up a new Solaris 2.7 build system and hope to have it available for future releases again. Happy New Year! Bye, LenZ - -- For technical support contracts, visit https://order.mysql.com/?ref=mlgr __ ___ ___ __ / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer [EMAIL PROTECTED] / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany ___/ www.mysql.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+DLPGSVDhKrJykfIRAs4IAJwMA0K2zWYylGGUTi6utqt3PTrNRgCbBvHX UUL38wzEmLUc1MQIygKI094= =nxCr -END PGP SIGNATURE
