Hello,
I'm a new user to MySql and I've just starting to download and install
MySql.
I've a question:
Does each version of MySql has binary AND src version for installation ?
I've been to http://www.mysql.com/downloads/ for MySQL 4.0.7 and I found
binary version only.
Does the majority of MySql user us the binary version ?
Who would have the need to use src version of installation.
I imagine that src version give user more options for customizing MySql.
I'm installing MySql for use with vbulletin software from www.bulletin.com
and
I'm concerned whether I should install binary or src version of MySql.
-Original Message-
From: Lenz Grimmer [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 27, 2002 12:11 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: MySQL 4.0.7 is released
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
MySQL 4.0.7, a new version of the popular Open Source Database, has been
released. It is now available in source and binary form for a number of
platforms from our download pages at http://www.mysql.com/downloads/ and
mirror sites.
Around the time MySQL 4.0.6 was ready to be released to fix the security
vulnerabilities that have been reported to us by eMatters GmbH, we were
informed about another potential security vulnerability. Because the 4.0.6
builds were almost completed at this point, and we wanted to get these out
to fix the already widely known security issues, we decided to resolve
this vulnerability for MySQL 4.0.7 instead and release it immediately
after MySQL 4.0.6.
Users that use previous versions of MySQL 4.0 in an untrusted multi-user
environment (e.g. ISPs providing database hosting) are encouraged to
update to MySQL 4.0.7 as soon as possible.
Please note, that this new vulnerability does only affect MySQL 4.0 -
MySQL 3.23 is not affected by this bug.
A short description of the vulnerability:
o MySQL 4.0 did not properly check the user's privileges when receiving
the (deprecated) client function call mysql_drop_db() to drop the
specified database.
o This allowed any user to arbitrary drop any database, if he was able
to log in as a valid user and his MySQL client application used the
obsolete mysql_drop_db() function call instead of the DROP DATABASE
SQL statement.
o When using DROP DATABASE, the user's privileges were always verified
correctly before dropping the database.
o This bug can not be exploited without a valid MySQL user account -
it is not possible for an anonymous remote attacker to perform this
operation.
o So far, we are only aware of one client application that still uses
this function call.
o The mysql client application provided with the MySQL distribution
as well as the MySQL Control Center cannot be used to exploit this
vulnerability.
o No data was compromised from other users' databases - this bug did not
affect the privileges required to actually read data from other
databases or tables.
o If logging was enabled (e.g. by using the --log or --log-bin
command line switches), the operation was also logged by the MySQL
server, including the user and host name (if --log was used).
We would like to thank Gary Huntress for making us aware of this problem.
News from the MySQL 4.0.7 ChangeLog:
Functionality added or changed:
* `mysqlbug' now also reports the compiler version used for building
the binaries (if the compiler supports the option `--version').
Bugs fixed:
* Fixed compilation problems on OpenUnix and HPUX 10.20.
* Fixed some optimisation problems when compiling MySQL with
`-DBIG_TABLES' on a 32 bit system.
* `mysql_drop_db()' didn't check permissions properly so anyone could
drop another users database. `DROP DATABASE' is checked properly.
Additional notes:
* It is quite possible that not all mirror sites have picked up
the Linux RPM packages yet, because the were added some time after
the other binary packages.
* Due to a hardware failure, we are currently unable to provide
Solaris 2.7 binaries - we apologize for any inconveniences that
may cause you. Some users reported, that the Solaris 2.8 package
worked for them on Solaris 2.7, too - so you might want to give
that a try. We are working on setting up a new Solaris 2.7 build
system and hope to have it available for future releases again.
Happy New Year!
Bye,
LenZ
- --
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer [EMAIL PROTECTED]
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
___/ www.mysql.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+DLPGSVDhKrJykfIRAs4IAJwMA0K2zWYylGGUTi6utqt3PTrNRgCbBvHX
UUL38wzEmLUc1MQIygKI094=
=nxCr
-END PGP SIGNATURE-