Tag: release

Categories
PHP

PHP 5.3.14

On june 14th 2012, the PHP group has released PHP 5.3.14, that brings over 30 bug fixes, some of which are security related : A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. Please also note that the use of php://fd streams is now restricted to the CLI SAPI (php5-cli).

Packages of PHP 5.3.14 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
MySQL

Percona toolkit 2.1.2

Percona toolkit 2.1.2 is now available on Dotdeb for Debian 6.0 “Squeeze”. It brings a lot of bug fixes :

  • pt-table-sync is now working properly, the --lock-and-rename feature has been disabled when using it with MySQL versions that don’t support it reliably.
  • pt-table-checksum and pt-online-schema-change have been enhanced to add even more safety checks, and to detect and deal with some MySQL optimizer misbehaviors, as well as to handle more edge-case behaviors related to things like replication lag.
  • A variety of bugfixes in pretty much every tool because of an expanded test coverage : more MySQL versions, more operating system platforms, more types of MySQL server settings, and more versions of Perl.

Baron Schwartz also wrote a blog post about it.

Categories
Nginx

Nginx 1.2.1

Dotdeb’s packages of Nginx 1.2.1 are now available for Debian 6.0 “Squeeze” (amd64/i386). They fix some bugs and enhance the IPv6 support. Please take a look at Nginx’ official Changelog before upgrading.

Please also note that Naxsi has been upgraded to the 0.46-1 version.

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
MySQL

MySQL 5.5.25

The packages of MySQL 5.5.25 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fixes some InnoDB- and replication-related issues.

As usual, please read carefully the full Changelog before upgrading.

Categories
Redis

Redis 2.4.14

Redis 2.4.14 has been released to fix many non trivial bugs :

  • [BUGFIX] Fixed issue #518 (Redis 99% CPU when master down).
  • [BUGFIX] Fixed issue #516 (ZINTERSTORE mixing sets and zsets).
  • [BUGFIX] Fixed a bug in install_server.sh when using chkconfig
  • [BUGFIX] Fixes to --test-memory implementation.
  • [BUGFIX] Allow PREFIX to be overridden in Makefile.
  • [BUGFIX] The test is now more reliable on slow computers.
  • redis-cli –pipe mode, see http://redis.io/topics/mass-insert
  • Much better expired keys collection algorithm that makes the server much more responsive when a lot of keys are expiring at the same time.

The packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. The upgrade urgency is high.

Categories
PHP

Security : PHP 5.4.3 and PHP 5.3.13

PHP 5.4.3 and PHP 5.3.13 have been released by the PHP development team to fix some critical security issues :

  • Source code disclosure with a trivial request (CVE-2012-1823 and CVE-2012-2311) –  PHP 5.4 and 5.3 are vulnerable
  • buffer overflow in apache_request_headers() (CVE-2012-2329) – only PHP 5.4 is vulnerable.

If you’re using the CGI flavor of PHP, upgrading is highly recommended. You can see more info on PHP’s website and on this useful blog post.

Packages of PHP 5.4.3 and PHP 5.3.13 are available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please also note that they fix the error logging features of PHP-FPM.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
MySQL

MySQL 5.5.24

The packages of MySQL 5.5.24 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. It fixes an undisclosed security issue (thanks Oracle) and some other bugs as well.

As usual, please read carefully the full Changelog before upgrading.

Note : the packages have been updated to include a missing init script. Sorry for the mess.

Categories
MySQL

Security update : MySQL 5.1.62

MySQL 5.1.62 packages are now available for Debian 6.0 “Squeeze” on amd64 and i386 architectures.

This is a important security update that fixes unspecified vulnerabilities identified by Oracle in all versions of MySQL 5.1 earlier than 5.1.62. If you did not upgrade to MySQL 5.5, please consider upgrading your MySQL server (at least) to 5.1.62.

FYI, CVE list is as follows :

The corresponding Pinba storage engine has also been rebuilt.

And, as usual, please read the Changelog before upgrading.

Categories
Redis

Redis 2.4.13

Redis 2.4.13 has been released to fix a critical bug in KEYS command :

  • [BUGFIX] Fix for KEYS command: if the DB contains keys with expires the KEYS command may return the wrong output, having duplicated or missing keys. See issue #487 and #488 on github for details.

The packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Upgrading is strongly advised.

Categories
PHP

PHP 5.4.1

On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.4.1:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.

Key enhancements in PHP 5.4.1 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that :

  • php5-xcache is now available in its 2.0 version,
  • the Suhosin patch is still absent from this build.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.