MySQL 5.1.61 packages are now available for Debian 6.0 “Squeeze” on amd64 and i386 architectures.
This is a very important security update that fixes unspecified vulnerabilities identified by Oracle in all versions of MySQL 5.1 earlier than 5.1.61. If you did not upgrade to MySQL 5.5, please consider upgrading your MySQL server (at least) to 5.1.61.
FYI, CVE list is as follows :
- CVE-2011-2262
- CVE-2012-0075
- CVE-2012-0087
- CVE-2012-0101
- CVE-2012-0102
- CVE-2012-0112
- CVE-2012-0113
- CVE-2012-0114
- CVE-2012-0115
- CVE-2012-0116
- CVE-2012-0118
- CVE-2012-0119
- CVE-2012-0120
- CVE-2012-0484
- CVE-2012-0485
- CVE-2012-0490
- CVE-2012-0492.
The corresponding Pinba storage engine has also been rebuilt.
And, as usual, please read the Changelog before upgrading.
14 replies on “Security update : MySQL 5.1.61”
Just upgraded MySQL from 5.1.57 without any problems. Thank you!
does the mysql-common package still need to be upgraded manually?
Looks like it – would be nice to have this sorted, so there are no conflicts between mysql 5.5 and 5.1
@Jools : you can now safely install mysql-common 5.5, it works with MySQL 5.1 servers.
Is that ideal though ? since the config for 5.5 excludes the info for mysql 5.1.x regarding innodb plugin and example lines.
It’s not ideal, but it’s safe. You can also stick to mysql-common 5.1 by upgrading it manually or by tricking APT through apt-pinning.
That’s just about a text file after all 🙂
Wow…..!!!! I was waiting long time for MySQL 5.1.61 upgrade version. I already installed of this upgrade version and it’s more suitable, secure and faster than previous one.
Thanks for giving us the information of MySQL 5.1.61 upgrade version.
how about making a mysql-common-5.x for each that does a deb “provide” for mysql-common, or a mysql-common that is a virtual package that requires either common 5.1 or 5.5 packages ?
One of those be my solution i guess.. I’m happy to contribute if on of these seems good? I think the meta one, unless ive missed something regarding debian dependencies would work the best ?
Thanks for adding my last pull request though (ngx add/remove scripts) – Have you officially announced the github stuff? Maybe a generic forum would work on top, for ideas, and I’m sure many others are willing to help. dotdeb will always be your baby, but you can have some others help nurture her 😉
@Jools : building mysql-common-5.x packages is possible, but could lead to upgrade problems when upgrading/downgrading to regular Debian packages. I’ll follow Debian’s choices on this topic, to ease the back ports and interoperability.
About Github, I don’t think I’ll announce anything. I’ll just post links when people need to report serious issues. It makes no sense to have the same buzz/mess on Github as in Dotdeb’s comments. Maybe a forum could help, you’re right.
Thanks for your ideas.
Hi all
Thx for you great work. I’ve installed the mysql 5.5. If I start phpmyadmin I see, that Debian Squeeze use MySQL-Client-Version: 5.0.51a insteed the MySQL-Client-Version for Mysql 5.5.
How can I fix that?
Thanks a lot
St
@Stefan : that’s just a warning, ignore it.
Fresh squeeze install
sources.list:
deb http://packages.dotdeb.org squeeze all
root@host:~# apt-get install mysql-server-5.1
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
mysql-server-5.1 : Depends: mysql-client-5.1 (>= 5.1.61-2~dotdeb.0) but it is not going to be installed
E: Broken packages
root@host:~#
Ideas?
@AMbd : try to play with apt-cache (ex : apt-cache policy mysql-client-5.1) or tools like dselect or aptitude to understand why APT doesn’t want to install mysql-client-5.1.