mysql:6716
From: とみたまさひろ <とみたまさひろ <tommy@xxxxxxxxxx>>
Date: Sat, 14 Dec 2002 16:58:43 +0900
Subject: [mysql 06716] Fw: MySQL 3.23.54 is released
とみたです。 MySQL 3.23.54 が出たようです。 Begin forwarded message: Date: Thu, 12 Dec 2002 15:35:40 +0100 (CET) From: Lenz Grimmer <lenz@xxxxxxxxxx> To: announce@xxxxxxxxxx Cc: mysql@xxxxxxxxxx, <packagers@xxxxxxxxxx> Subject: MySQL 3.23.54 is released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, MySQL 3.23.54, a new version of the world's most popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. This is a bugfix release for the current stable tree. Apart from fixing several bugs, this release also resolves multiple security vulnerabilities that have been found and reported to us by Stefan Esser from e-matters GmbH, Germany. You can read the full text of Stefans advisory here: http://security.e-matters.de/advisories/042002.html We are very grateful for his help in spotting and reporting this problem to us. As these vulnerabilities can be exploited from a remote attacker to crash the MySQL server or to execute arbitrary code with the privileges of the user running the MySQL server, we strongly advise all users to upgrade to this version. MySQL 4.0 is also affected by this problem - we will provide updated packages for this version as soon as possible, too. The required fixes have already been applied to our public BitKeeper source repositories as well. From the ChangeLog: * Fixed a bug, that allowed to crash `mysqld' with a specially crafted packet. * Fixed a rare crash (double `free''d pointer) when altering a temporary table. * Fixed buffer overrun in `libmysqlclient' library that allowed malicious `MySQL' server to crash the client application. * Fixed security-related bug in `mysql_change_user()' handling. All users are strongly recommended to upgrade to the version 3.23.54. * Fixed bug that prevented `--chroot' command-line option of `mysqld' from working. * Fixed bug that made `OPTIMIZE TABLE' to corrupt the table under some rare circumstances. * Fixed `mysqlcheck' so it can deal with table names containing dashes. * Fixed shutdown problem on Mac OS X. * Fixed bug with comparing an indexed `NULL' field with `<=> NULL'. * Fixed bug that caused `IGNORE INDEX' and `USE INDEX' sometimes to be ignored. * Fixed rare core dump problem in complicated `GROUP BY' queries that didn't return any result. * Fixed a bug where `MATCH ... AGAINST () >=0' was treated as if it was `>'. * One can create `TEMPORARY' `MERGE' tables now. * Fixed that `--core-file' works on Linux (at least on kernel 2.4.18). * Fixed a problem with `BDB' and `ALTER TABLE'. * Fixed reference to freed memory when doing complicated `GROUP BY ... ORDER BY' queries. Symptom was that `mysqld' died in function `send_fields'. * Allocate heap rows in smaller blocks to get better memory usage. * Fixed memory allocation bug when storing `BLOB' values in internal temporary tables used for some (unlikely) `GROUP BY' queries. * Fixed a bug in key optimizing handling where the expression `WHERE column_name = key_column_name' was calculated as true for `NULL' values. * Fixed core dump bug when doing `LEFT JOIN ... WHERE key_column=NULL'. * Fixed `MyISAM' crash when using dynamic-row tables with huge numbers of packed fields. Additional notes: * Due to a hardware failure, we are currently unable to provide Solaris 2.7 binaries - we apologize for any inconveniences that may cause you. * The windows binaries may not have been copied to all mirror sites yet - please give the mirrors a while to synchronize. Bye, LenZ - -- For technical support contracts, visit https://order.mysql.com/?ref=mlgr __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Mr. Lenz Grimmer <lenz@xxxxxxxxxx> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Production Engineer /_/ /_/\_, /___/\___\_\___/ Hamburg, Germany <___/ www.mysql.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9+J68SVDhKrJykfIRAoOZAJ9bmYWgyPOkcx/067TM3vKt+81pTACdE3sG jCZsNbHwXpqigRpL96RHQZQ= =KcLE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail <announce-unsubscribe-tommy=tmtm.org@xxxxxxxxxx> To see the list archives, visit: http://lists.mysql.com/ -- とみたまさひろ <tommy@xxxxxxxxxx> 日本MySQLユーザ会 http://www.mysql.gr.jp