List:Packagers« Previous MessageNext Message »
From:Lenz Grimmer Date:December 12 2002 2:35pm
Subject:MySQL 3.23.54 is released
View as plain text  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

MySQL 3.23.54, a new version of the world's most popular Open Source
Database, has been released. It is now available in source and binary
form for a number of platforms from our download pages at
http://www.mysql.com/downloads/ and mirror sites.

This is a bugfix release for the current stable tree.

Apart from fixing several bugs, this release also resolves multiple
security vulnerabilities that have been found and reported to us by Stefan
Esser from e-matters GmbH, Germany. You can read the full text of Stefans
advisory here:

http://security.e-matters.de/advisories/042002.html

We are very grateful for his help in spotting and reporting this problem
to us.

As these vulnerabilities can be exploited from a remote attacker to crash
the MySQL server or to execute arbitrary code with the privileges of the
user running the MySQL server, we strongly advise all users to upgrade to
this version.

MySQL 4.0 is also affected by this problem - we will provide updated
packages for this version as soon as possible, too. The required fixes
have already been applied to our public BitKeeper source repositories as
well.

>From the ChangeLog:

 * Fixed a bug, that allowed to crash `mysqld' with a specially
   crafted packet.

 * Fixed a rare crash (double `free''d pointer) when altering a
   temporary table.

 * Fixed buffer overrun in `libmysqlclient' library that allowed
   malicious `MySQL' server to crash the client application.

 * Fixed security-related bug in `mysql_change_user()' handling.  All
   users are strongly recommended to upgrade to the version 3.23.54.

 * Fixed bug that prevented `--chroot' command-line option of `mysqld'
   from working.

 * Fixed bug that made `OPTIMIZE TABLE' to corrupt the table under
   some rare circumstances.

 * Fixed `mysqlcheck' so it can deal with table names containing
   dashes.

 * Fixed shutdown problem on Mac OS X.

 * Fixed bug with comparing an indexed `NULL' field with `<=> NULL'.

 * Fixed bug that caused `IGNORE INDEX' and `USE INDEX' sometimes to
   be ignored.

 * Fixed rare core dump problem in complicated `GROUP BY' queries that
   didn't return any result.

 * Fixed a bug where `MATCH ... AGAINST () >=0' was treated as if it
   was `>'.

 * One can create `TEMPORARY' `MERGE' tables now.

 * Fixed that `--core-file' works on Linux (at least on kernel
	 2.4.18).

 * Fixed a problem with `BDB' and `ALTER TABLE'.

 * Fixed reference to freed memory when doing complicated `GROUP BY
   ... ORDER BY' queries.  Symptom was that `mysqld' died in function
   `send_fields'.

 * Allocate heap rows in smaller blocks to get better memory usage.

 * Fixed memory allocation bug when storing `BLOB' values in internal
   temporary tables used for some (unlikely) `GROUP BY' queries.

 * Fixed a bug in key optimizing handling where the expression `WHERE
   column_name = key_column_name' was calculated as true for `NULL'
   values.

 * Fixed core dump bug when doing `LEFT JOIN ... WHERE
   key_column=NULL'.

 * Fixed `MyISAM' crash when using dynamic-row tables with huge
   numbers of packed fields.


Additional notes:

 * Due to a hardware failure, we are currently unable to provide
   Solaris 2.7 binaries - we apologize for any inconveniences that
   may cause you.
 * The windows binaries may not have been copied to all mirror sites
   yet - please give the mirrors a while to synchronize.

Bye,
	LenZ
- -- 
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /      Mr. Lenz Grimmer <lenz@stripped>
 / /|_/ / // /\ \/ /_/ / /__     MySQL AB, Production Engineer
/_/  /_/\_, /___/\___\_\___/     Hamburg, Germany
       <___/   www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE9+J68SVDhKrJykfIRAoOZAJ9bmYWgyPOkcx/067TM3vKt+81pTACdE3sG
jCZsNbHwXpqigRpL96RHQZQ=
=KcLE
-----END PGP SIGNATURE-----

Thread
MySQL 3.23.54 is releasedLenz Grimmer12 Dec