-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15166 2010-09-24 20:12:33 --------------------------------------------------------------------------------
Name : mysql Product : Fedora 13 Version : 5.1.50 Release : 2.fc13 URL : http://www.mysql.com Summary : MySQL client programs and shared libraries Description : MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.
-------------------------------------------------------------------------------- Update Information:
Update to mysql 5.1.50, for numerous bug fixes including some low-grade security issues.
See upstream release notes at: * http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html * http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html -------------------------------------------------------------------------------- ChangeLog:
* Sat Aug 28 2010 Tom Lane tgl@redhat.com 5.1.50-2 - Include my_compiler.h in distribution, per upstream bug #55846. Otherwise PHP, for example, won't build. * Sat Aug 28 2010 Tom Lane tgl@redhat.com 5.1.50-1 - Update to MySQL 5.1.50, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html * Tue Jul 13 2010 Tom Lane tgl@redhat.com 5.1.48-2 - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig Related: #609734 * Mon Jun 21 2010 Tom Lane tgl@redhat.com 5.1.48-1 - Update to MySQL 5.1.48, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html including a fix for CVE-2010-2008 Related: #614214 * Fri Jun 4 2010 Tom Lane tgl@redhat.com 5.1.47-2 - Add back "partition" storage engine Resolves: #597390 - Fix broken "federated" storage engine plugin Related: #587170 - Read all certificates in SSL certificate files, to support chained certs Related: #598656 * Mon May 24 2010 Tom Lane tgl@redhat.com 5.1.47-1 - Update to MySQL 5.1.47, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html including fixes for CVE-2010-1848, CVE-2010-1849, CVE-2010-1850 Resolves: #592862 Resolves: #583717 - Create mysql group explicitly in pre-server script, to ensure correct GID Related: #594155 * Sat Apr 24 2010 Tom Lane tgl@redhat.com 5.1.46-1 - Update to MySQL 5.1.46, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-46.html -------------------------------------------------------------------------------- References:
[ 1 ] Bug #628040 - CVE-2010-3677 MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575) https://bugzilla.redhat.com/show_bug.cgi?id=628040 [ 2 ] Bug #628062 - CVE-2010-3679 MySQL: Use of unassigned memory (valgrind errors / crash) by providing certain values to BINLOG statement (MySQL BZ#54393) https://bugzilla.redhat.com/show_bug.cgi?id=628062 [ 3 ] Bug #628172 - CVE-2010-3678 MySQL: mysqld DoS (crash) by processing IN / CASE statements with NULL arguments (MySQL bug #54477) https://bugzilla.redhat.com/show_bug.cgi?id=628172 [ 4 ] Bug #628192 - CVE-2010-3680 MySQL: mysqld DoS (assertion failure) by using temporary InnoDB engine tables with nullable columns (MySQL bug #54044) https://bugzilla.redhat.com/show_bug.cgi?id=628192 [ 5 ] Bug #628328 - CVE-2010-3682 MySQL: mysqld DoS (crash) by processing EXPLAIN statements for complex SQL queries (MySQL bug #52711) https://bugzilla.redhat.com/show_bug.cgi?id=628328 [ 6 ] Bug #628660 - CVE-2010-3676 MySQL: mysqld DoS (assertion failure) after changing InnoDB storage engine configuration parameters (MySQL bug #55039) https://bugzilla.redhat.com/show_bug.cgi?id=628660 [ 7 ] Bug #628680 - CVE-2010-3681 MySQL: mysqld DoS (assertion failure) by alternate reads from two indexes on a table using the HANDLER interface (MySQL bug #54007) https://bugzilla.redhat.com/show_bug.cgi?id=628680 [ 8 ] Bug #628698 - CVE-2010-3683 MySQL: mysqld DoS (assertion failure) while reading the file back into a table (MySQL bug #52512) https://bugzilla.redhat.com/show_bug.cgi?id=628698 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update mysql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org