I just uploaded new MySQL 5.1.41 packages that fix a remote buffer overflow in MySQL servers that use the embedded yaSSL library:
- Lenz Grimmer gives more information about this issue
- CVE-2009-4484 has been filed
Since Debian and Dotdeb are impacted, you are strongly encouraged to upgrade your servers.
12 replies on “MySQL 5.1.41 has been updated to fix a security issue”
Hi Guillaume thanks for rapidly responding to security updates for your packages
have you considered push notification of mirrors so that they can replicate these updates quickly?
Sorry, forgot to add: the UK mirror is now up to date with this (earlier than the normal 24 hour window)
@Anthony: there is no push to the mirrors yet, but I think I’ll have to think about such a system (inspired by Debian’s one? http://www.debian.org/mirror/ftpmirror#when )
BTW, thanks for updating the UK mirror so quickly.
New version of MySQL is 5.1.42.
http://dev.mysql.com/downloads/mysql/
New version of MySQL is 5.1.43.
http://dev.mysql.com/downloads/mysql/
@Psychos: Great! But Debian’s one is still 5.1.41 (with bug and security fixes)
http://packages.debian.org/sid/mysql-server-5.1
Please be a bit more patient 🙂
I’m trying to rebuild your 5.1.43 package with a patch but there are always failing tests (with or without the patch)
Failing test(s): main.partition_innodb main.information_schema_chmod main.trigger rpl.rpl_rotate_logs
I’m running AMD64 Lenny. Any ideas? What are your dpkg-buildpackage parameters?
@Moritz: try to set this environment variable:
DEB_BUILD_OPTIONS=nocheck
@Guillaume: Thank you very much! Works like a charm 🙂
Do you have the tests enabled when building your packages?
@Moritz: Yes, most of them (building MySQL in a chroot makes some of them fail)
Hi Guillaume,
First, thanks for your work compiling and packaging MySQL 5.1.
I suggest that you could activate the --enable-thread-safe-client flag. It won’t do any harm, and it will benefit a lot the people (like me ;D) that use multithreaded applications on Debian!
@Alberto: I just checked the last MySQL packages for Lenny. They have the thread safety enabled.