MySQL 5.0.91 リリース
投稿日時 2010-5-22 12:00:00 | トピック: MySQL 5.0
| MySQL 5.0.91 がリリースされました。MySQL 5.0 シリーズはすでに EoL を迎えていますが(延長サポートのみ継続)、セキュリティ問題への対応ということで今回リリースされたものです。
以下のURLからダウンロード可能です。ミラーサイトには配布されていないようです。 http://downloads.mysql.com/archives.php?p=mysql-5.0&v=5.0.91
MySQL開発のライフサイクルについては以下のURLの説明を参照ください。 http://www.mysql.de/about/legal/lifecycle/
----- 以下チェンジログ(5.0.91):
■バグ修正: * Security Fix: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST. In MySQL 5.0 and above, this allowed an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. Additionally, for MySQL version 5.1 and above, an authenticated user with DELETE or SELECT privileges on one table could delete or read content from any other table in all databases on this server, and potentially of other MySQL instances accessible from the server's file system. (Bug#53371: http://bugs.mysql.com/bug.php?id=53371, CVE-2010-1848 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1848))
* Security Fix: The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. (Bug#53237: http://bugs.mysql.com/bug.php?id=53237, CVE-2010-1850 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1850))
* Security Fix: The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. (Bug#50974: http://bugs.mysql.com/bug.php?id=50974, CVE-2010-1849 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1849))
* The optimizer could attempt to evaluate the WHERE clause before any rows had been read, resulting in a server crash. (Bug#52177: http://bugs.mysql.com/bug.php?id=52177)
* On Windows, LOAD_FILE() could cause a crash for some pathnames. (Bug#51893: http://bugs.mysql.com/bug.php?id=51893)
* Use of HANDLER statements with tables that had spatial indexes caused a server crash. (Bug#51357: http://bugs.mysql.com/bug.php?id=51357)
* With an XA transaction active, SET autocommit = 1 could cause side effects such as memory corruption or a server crash. (Bug#51342: http://bugs.mysql.com/bug.php?id=51342)
* The SSL certificates in the test suite were about to expire. They have been updated with expiration dates in the year 2015. (Bug#50642: http://bugs.mysql.com/bug.php?id=50642)
* For debug builds, an assertion was incorrectly raised in the optimizer when matching ORDER BY expressions. (Bug#50335: http://bugs.mysql.com/bug.php?id=50335)
* The filesort sorting method applied to a CHAR(0) column could lead to a server crash. (Bug#49897: http://bugs.mysql.com/bug.php?id=49897)
* sql_buffer_result had an effect on non-SELECT statements, contrary to the documentation. (Bug#49552: http://bugs.mysql.com/bug.php?id=49552)
* EXPLAIN EXTENDED crashed trying to print column names for a subquery in the FROM clause when the table had gone out of scope. (Bug#49487: http://bugs.mysql.com/bug.php?id=49487)
* mysql-test-run.pl now recognizes the MTR_TESTCASE_TIMEOUT, MTR_SUITE_TIMEOUT, MTR_SHUTDOWN_TIMEOUT, and MTR_START_TIMEOUT environment variables. If they are set, their values are used to set the --testcase-timeout, --suite-timeout, --shutdown-timeout, and --start-timeout options, respectively. (Bug#49210: http://bugs.mysql.com/bug.php?id=49210)
* Certain INTERVAL expressions could cause a crash on 64-bit systems. (Bug#48739: http://bugs.mysql.com/bug.php?id=48739)
* The server crashed when it could not determine the best execution plan for queries involving outer joins with nondeterministic ON clauses such as the ones containing the RAND() function, a user-defined function, or a NOT DETERMINISTIC stored function. (Bug#48483: http://bugs.mysql.com/bug.php?id=48483)
* If an outer query was invalid, a subquery might not even be set up. EXPLAIN EXTENDED did not expect this and caused a crash by trying to dereference improperly set up information. (Bug#48295: http://bugs.mysql.com/bug.php?id=48295)
|
|