-----BEGIN PGP SIGNED MESSAGE-----
MySQL 3.23.54, a new version of the world's most popular Open Source
Database, has been released. It is now available in source and binary
form for a number of platforms from our download pages at
http://www.mysql.com/downloads/ and mirror sites.
This is a bugfix release for the current stable tree.
Apart from fixing several bugs, this release also resolves multiple
security vulnerabilities that have been found and reported to us by Stefan
Esser from e-matters GmbH, Germany. You can read the full text of Stefan's
We are very grateful for his help in spotting and reporting this problem
As these vulnerabilities can be exploited by a remote attacker to crash
the MySQL server or to execute arbitrary code with the privileges of the
user running the MySQL server, we strongly advise all users to upgrade to
MySQL 4.0 is also affected by this problem - we will provide updated
packages for this version as soon as possible, too. The required fixes
have already been applied to our public BitKeeper source repositories as
From the ChangeLog:
* Fixed a bug, that allowed to crash `mysqld' with a specially
* Fixed a rare crash (double `free''d pointer) when altering a
* Fixed buffer overrun in `libmysqlclient' library that allowed
malicious `MySQL' server to crash the client application.
* Fixed security-related bug in `mysql_change_user()' handling. All
users are strongly recommended to upgrade to the version 3.23.54.
* Fixed bug that prevented `--chroot' command-line option of `mysqld'
* Fixed bug that made `OPTIMIZE TABLE' to corrupt the table under
some rare circumstances.
* Fixed `mysqlcheck' so it can deal with table names containing
* Fixed shutdown problem on Mac OS X.
* Fixed bug with comparing an indexed `NULL' field with `<=> NULL'.
* Fixed bug that caused `IGNORE INDEX' and `USE INDEX' sometimes to
* Fixed rare core dump problem in complicated `GROUP BY' queries that
didn't return any result.
* Fixed a bug where `MATCH ... AGAINST () >=0' was treated as if it
* One can create `TEMPORARY' `MERGE' tables now.
* Fixed that `--core-file' works on Linux (at least on kernel
* Fixed a problem with `BDB' and `ALTER TABLE'.
* Fixed reference to freed memory when doing complicated `GROUP BY
... ORDER BY' queries. Symptom was that `mysqld' died in function
* Allocate heap rows in smaller blocks to get better memory usage.
* Fixed memory allocation bug when storing `BLOB' values in internal
temporary tables used for some (unlikely) `GROUP BY' queries.
* Fixed a bug in key optimizing handling where the expression `WHERE
column_name = key_column_name' was calculated as true for `NULL'
* Fixed core dump bug when doing `LEFT JOIN ... WHERE
* Fixed `MyISAM' crash when using dynamic-row tables with huge
numbers of packed fields.
* Due to a hardware failure, we are currently unable to provide
Solaris 2.7 binaries - we apologize for any inconvenience this
may cause you.
* The Windows binaries may not have been copied to all mirror sites
yet - please give the mirrors a while to synchronize.
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <lenz@stripped>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer
/_/ /_/\_, /___/\___\_\___/ Hamburg, Germany
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
|• MySQL 3.23.54 is released||Lenz Grimmer||12 Dec|