June 1, 2010

[installer 2381] mysql-5.0.91

mysql-5.0.91 has been released.

It includes fixes for multiple security holes.

☆ mysql-5.0.91
http://www.mysql.com/
http://downloads.mysql.com/archives.php?p=mysql-5.0&v=5.0.91
http://downloads.mysql.com/archives/mysql-5.0/mysql-5.0.91.tar.gz


http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html

C.1.1. Changes in MySQL 5.0.91 (05 May 2010)

End of Product Lifecycle.
Active development and support for MySQL Database Server version 5.0
has ended. However, there is still extended support available. For
details, see
http://www.mysql.com/about/legal/lifecycle/#calendar. According to
the MySQL Lifecycle Policy (see
http://www.mysql.com/about/legal/lifecycle/#policy), only Security
and Severity Level 1 issues will still be fixed for MySQL 5.0. Please
consider upgrading to a recent version.


This section documents all changes and bugfixes that have been applied
since the last MySQL Enterprise Server and MySQL Community Server
release (5.0.90). If you would like to receive more fine-grained and
personalized update alerts about fixes that are relevant to the
version and features you use, please consider subscribing to MySQL
Enterprise (a commercial MySQL offering). For more details please see
http://www.mysql.com/products/enterprise/advisors.html.

Bugs fixed:

* Security Fix: The server failed to check the table name argument
of a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to
bypass almost all forms of checks for privileges and table-level
grants by providing a specially crafted table name argument to
COM_FIELD_LIST.

In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.

Additionally, for MySQL version 5.1 and above, an authenticated
user with DELETE or SELECT privileges on one table could delete
or read content from any other table in all databases on this
server, and potentially of other MySQL instances accessible from
the server's file system. (Bug#53371, CVE-2010-1848)

* Security Fix: The server was susceptible to a buffer-overflow
attack due to a failure to perform bounds checking on the table
name argument of a COM_FIELD_LIST command packet. By sending long
data for the table name, a buffer is overflown, which could be
exploited by an authenticated user to inject malicious
code. (Bug#53237, CVE-2010-1850)

* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size
of one packet. (Bug#50974, CVE-2010-1849)

* The optimizer could attempt to evaluate the WHERE clause before
any rows had been read, resulting in a server crash. (Bug#52177)

* On Windows, LOAD_FILE() could cause a crash for some
pathnames. (Bug#51893)

* Use of HANDLER statements with tables that had spatial indexes
caused a server crash. (Bug#51357)

* With an XA transaction active, SET autocommit = 1 could cause
side effects such as memory corruption or a server
crash. (Bug#51342)

* The SSL certificates in the test suite were about to expire. They
have been updated with expiration dates in the year
2015. (Bug#50642)

* For debug builds, an assertion was incorrectly raised in the
optimizer when matching ORDER BY expressions. (Bug#50335)

* The filesort sorting method applied to a CHAR(0) column could
lead to a server crash. (Bug#49897)

* sql_buffer_result had an effect on non-SELECT statements,
contrary to the documentation. (Bug#49552)

* EXPLAIN EXTENDED crashed trying to print column names for a
subquery in the FROM clause when the table had gone out of
scope. (Bug#49487)

* mysql-test-run.pl now recognizes the MTR_TESTCASE_TIMEOUT,
MTR_SUITE_TIMEOUT, MTR_SHUTDOWN_TIMEOUT, and MTR_START_TIMEOUT
environment variables. If they are set, their values are used to
set the --testcase-timeout, --suite-timeout, --shutdown-timeout,
and --start-timeout options, respectively. (Bug#49210)

* Certain INTERVAL expressions could cause a crash on 64-bit
systems. (Bug#48739)

* The server crashed when it could not determine the best execution
plan for queries involving outer joins with nondeterministic ON
clauses such as the ones containing the RAND() function, a
user-defined function, or a NOT DETERMINISTIC stored
function. (Bug#48483)

* If an outer query was invalid, a subquery might not even be set
up. EXPLAIN EXTENDED did not expect this and caused a crash by
trying to dereference improperly set up information. (Bug#48295)

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html

C.1.2. Changes in MySQL 5.0.90 (15 January 2010)

This section documents all changes and bugfixes that have been applied
since the last MySQL Enterprise Server and MySQL Community Server
release (5.0.89). If you would like to receive more fine-grained and
personalized update alerts about fixes that are relevant to the
version and features you use, please consider subscribing to MySQL
Enterprise (a commercial MySQL offering). For more details please see
http://www.mysql.com/products/enterprise/advisors.html.

Bugs fixed:

* Security Fix: For servers built with yaSSL, a preauthorization
buffer overflow could cause memory corruption or a server
crash. We thank Evgeny Legerov from Intevydis for providing us
with a proof-of-concept script that allowed us to reproduce this
bug. (Bug#50227, CVE-2009-4484)

* Replication: FLUSH LOGS did not actually close and reopen the
binary log index file. (Bug#48738)

See also Bug#34582.

* Some prepared statements could raise an assertion when
re-executed. (Bug#49570)

* Valgrind warnings for CHECKSUM TABLE were corrected. (Bug#49465)

* Specifying an index algorithm (such as BTREE) for SPATIAL or
FULLTEXT indexes caused a server crash. These index types do not
support algorithm specification, and it is now disallowed to do
so. (Bug#49250)

* The optimizer sometimes incorrectly handled conditions of the
form WHERE col_name='const1' AND col_name='const2'. (Bug#49199)

* Several strmake() calls had an incorrect length argument (too
large by one). (Bug#48983)

* On Fedora 12, strmov() did not guarantee correct operation for
overlapping source and destination buffer. Calls were fixed to
use an overlap-safe version instead. (Bug#48866)

* Incomplete reset of internal TABLE structures could cause a crash
with eq_ref table access in subqueries. (Bug#48709)

* Re-execution of a prepared statement could cause a server
crash. (Bug#48508)

* The error message for ER_UPDATE_INFO was subject to buffer
overflow or truncation. (Bug#48500)

* On Solaris, no stack trace was printed to the error log after a
crash. (Bug#47391)

* A crash occurred when a user variable that was assigned to a
subquery result was used as a result field in a SELECT statement
with aggregate functions. (Bug#47371)

* Comparison with NULL values sometimes did not produce a correct
result. (Bug#42760)

* When compressed MyISAM files were opened, they were always memory
mapped, sometimes causing memory-swapping problems. To deal with
this, a new system variable, myisam_mmap_size, was added to limit
the amount of memory used for memory mapping of MyISAM
files. (Bug#37408)

----
こがよういちろう


Posted by xml-rpc : June 1, 2010 10:39
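
The two COM_FIELD_LIST fixes in 5.0.91 (Bug#53371 and Bug#53237) both concern the table name argument: one a missing validity check, the other a missing bounds check. The following is an added example, not part of the original post and not MySQL's own code, showing both checks applied before the name is copied into a fixed-size buffer. The function names, the 64-byte limit and the rejected character set are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TABLE_NAME 64 /* assumed limit in bytes for this sketch */

enum parse_result { PARSE_OK, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_BAD_NAME };

/* Assumed rule set: reject empty names, control bytes, and characters
   that have meaning to the file system ('/', '\\', '.'). */
int table_name_is_valid(const unsigned char *name, size_t len)
{
    if (len == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = name[i];
        if (c < 0x20 || c == '/' || c == '\\' || c == '.')
            return 0;
    }
    return 1;
}

/* payload: bytes after the command byte, i.e. a NUL-terminated table
   name followed by an optional field wildcard. len: payload length. */
enum parse_result parse_field_list(const unsigned char *payload, size_t len,
                                   char *table, size_t table_size)
{
    /* Search for the terminator inside the packet only. */
    const unsigned char *nul = memchr(payload, '\0', len);
    if (nul == NULL)
        return PARSE_TRUNCATED;
    size_t name_len = (size_t)(nul - payload);
    /* Bounds check before any copy into the fixed-size buffer. */
    if (name_len > MAX_TABLE_NAME || name_len >= table_size)
        return PARSE_TOO_LONG;
    if (!table_name_is_valid(payload, name_len))
        return PARSE_BAD_NAME;
    memcpy(table, payload, name_len);
    table[name_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample payload: table name "orders", wildcard "%". */
    const unsigned char pkt[] = "orders\0%";
    char table[MAX_TABLE_NAME + 1];
    enum parse_result r = parse_field_list(pkt, sizeof pkt - 1, table, sizeof table);
    printf("result=%d table=%s\n", r, r == PARSE_OK ? table : "(rejected)");
    return 0;
}
```

Privilege checks should run only on the name returned with PARSE_OK, so that the string being authorized is the same string later used to open the table.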