====================================================================
CERT-Renater Information Note No. 2012/VULN251
____________________________________________________________________
DATE                 : 12/06/2012
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running MySQL versions 5.1, 5.2 prior to 5.1.63, 5.2.24.
======================================================================
http://lists.mysql.com/announce/783
http://lists.mysql.com/announce/785
______________________________________________________________________

Dear MySQL users,

MySQL Server 5.1.63, a new version of the popular Open Source Database Management System, has been released. MySQL 5.1.63 is recommended for use on production systems.

For an overview of what's new in MySQL 5.1, please see
  http://dev.mysql.com/doc/refman/5.1/en/mysql-nutshell.html

For information on installing MySQL 5.1.63 on new servers or upgrading to MySQL 5.1.63 from previous MySQL releases, please see
  http://dev.mysql.com/doc/refman/5.1/en/installing.html

MySQL Server is available in source and binary form for a number of platforms from our download pages at
  http://dev.mysql.com/downloads/

Not all mirror sites may be up to date at this point in time, so if you can't find this version on some mirror, please try again later or choose another download site.

We welcome and appreciate your feedback, bug reports, bug fixes, patches, etc.:
  http://forge.mysql.com/wiki/Contributing

For information on open issues in MySQL 5.1, please see the errata list at
  http://dev.mysql.com/doc/refman/5.1/en/bugs.html

The following section lists the changes in the MySQL source code since the previous released version of MySQL 5.1. It may also be viewed online at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html

Enjoy!

=======================================================================

D.1.1. Changes in MySQL 5.1.63 (7th May, 2012)

Bugs Fixed

  * Security Fix: Bug #64884 was fixed.

  * Security Fix: Bug #59387 was fixed.
  * InnoDB: Deleting a huge amount of data from InnoDB tables within a short time could cause the purge operation that flushes data from the buffer pool to stall. If this issue occurs, restart the server to work around it. This issue is only likely to occur on 32-bit platforms. (Bug #13847885)

  * InnoDB: If the server crashed during a TRUNCATE TABLE or CREATE INDEX statement for an InnoDB table, or a DROP DATABASE statement for a database containing InnoDB tables, an index could be corrupted, causing an error message when accessing the table after restart:

      InnoDB: Error: trying to load index index_name for table table_name
      InnoDB: but the index tree has been freed!

    In MySQL 5.1, this fix applies to the InnoDB Plugin, but not the built-in InnoDB storage engine. (Bug #12861864, Bug #11766019)

  * InnoDB: When data was removed from an InnoDB table, newly inserted data might not reuse the freed disk blocks, leading to an unexpected size increase for the system tablespace or .ibd file (depending on the setting of innodb_file_per_table). OPTIMIZE TABLE could compact a .ibd file in some cases but not others. The freed disk blocks would eventually be reused as additional data was inserted. (Bug #11766634, Bug #59783)

  * Partitioning: After updating a row of a partitioned table and selecting that row within the same transaction with the query cache enabled, then performing a ROLLBACK, the same result was returned by an identical SELECT issued in a new transaction. (Bug #11761296, Bug #53775)

  * Replication: The --relay-log-space-limit option was sometimes ignored. More specifically, when the SQL thread went to sleep, it allowed the I/O thread to queue additional events in such a way that the relay log space limit was bypassed, and the number of events in the queue could grow well past the point where the relay logs needed to be rotated.
    Now in such cases, the SQL thread checks to see whether the I/O thread should rotate and provide the SQL thread a chance to purge the logs (thus freeing space). Note that, when the SQL thread is in the middle of a transaction, it cannot purge the logs; it can only ask for more events until the transaction is complete. Once the transaction is finished, the SQL thread can immediately instruct the I/O thread to rotate. (Bug #12400313, Bug #64503)

    References: See also Bug #13806492.

  * Mishandling of NO_BACKSLASH_ESCAPES SQL mode within stored procedures on slave servers could cause replication failures. (Bug #12601974)

  * If the system time was adjusted backward during query execution, the apparent execution time could be negative. But in some cases these queries would be written to the slow query log, with the negative execution time written as a large unsigned number. Now statements with apparent negative execution time are not written to the slow query log. (Bug #63524, Bug #13454045)

    References: See also Bug #27208.

  * mysql_store_result() and mysql_use_result() are not for use with prepared statements and are not intended to be called following mysql_stmt_execute(), but failed to return an error when invoked that way in libmysqld. (Bug #62136, Bug #13738989)

    References: See also Bug #47485.

  * SHOW statements treated stored procedure, stored function, and event names as case sensitive. (Bug #56224, Bug #11763507)

  * On Windows, mysqlslap crashed for attempts to connect using shared memory. (Bug #31173, Bug #11747181, Bug #59107, Bug #11766072)

Thanks,

On behalf of the Oracle MySQL RE Team,
Sunanda Menon
MySQL Release Engineer

______________________________________________________________________

Dear MySQL users,

MySQL 5.5.24 is a new version of the 5.5 production release of the world's most popular open source database. MySQL 5.5.24 is recommended for use on production systems.
MySQL 5.5 includes several high-impact enhancements to improve the performance and scalability of the MySQL Database, taking advantage of the latest multi-CPU and multi-core hardware and operating systems. In addition, with release 5.5, InnoDB is now the default storage engine for the MySQL Database, delivering ACID transactions, referential integrity and crash recovery by default.

MySQL 5.5 also provides a number of additional enhancements including:

  - Significantly improved performance on Windows, with various Windows specific features and improvements
  - Higher availability, with new semi-synchronous replication and Replication Heart Beat
  - Improved usability, with improved index and table partitioning, SIGNAL/RESIGNAL support and enhanced diagnostics, including a new Performance Schema monitoring capability.

For a more complete look at what's new in MySQL 5.5, please see the following resources:

MySQL 5.5 is GA, Interview with Tomas Ulin:
  http://dev.mysql.com/tech-resources/interviews/thomas-ulin-mysql-55.html

Documentation:
  http://dev.mysql.com/doc/refman/5.5/en/mysql-nutshell.html

Whitepaper: What's New in MySQL 5.5:
  http://dev.mysql.com/why-mysql/white-papers/mysql-wp-whatsnew-mysql-55.php

If you are running a MySQL production level system, we would like to direct your attention to MySQL Enterprise Edition, which includes the most comprehensive set of MySQL production, backup, monitoring, modeling, development, and administration tools so businesses can achieve the highest levels of MySQL performance, security and uptime.
  http://mysql.com/products/enterprise/

For information on installing MySQL 5.5.24 on new servers, please see the MySQL installation documentation at
  http://dev.mysql.com/doc/refman/5.5/en/installing.html

For upgrading from previous MySQL releases, please see the important upgrade considerations at:
  http://dev.mysql.com/doc/refman/5.5/en/upgrading.html

MySQL Database 5.5.24 is available in source and binary form for a number of platforms from our download pages at:
  http://dev.mysql.com/downloads/mysql/

Not all mirror sites may be up to date at this point in time, so if you can't find this version on some mirror, please try again later or choose another download site.

We welcome and appreciate your feedback, bug reports, bug fixes, patches, etc.:
  http://forge.mysql.com/wiki/Contributing

The following section lists the changes in the MySQL source code since the previous released version of MySQL 5.5. It may also be viewed online at:
  http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html

Enjoy!

On behalf of the MySQL Build Team,
Joerg Bruehe

Changes in MySQL 5.5.24 (2012-May-7)

Functionality Added or Changed

  * Important Change: Replication: INSERT ON DUPLICATE KEY UPDATE is now marked as unsafe for statement-based replication if the target table has more than one primary or unique key. For more information, see Section 16.1.2.3, "Determination of Safe and Unsafe Statements in Binary Logging."

Bugs Fixed

  * Security Fix: Bug #64884 was fixed.

  * InnoDB: Replication: When binary log statements were replayed on the slave, the Com_insert, Com_update, and Com_delete counters were incremented by BEGIN statements initiating transactions affecting InnoDB tables but not by COMMIT statements ending such transactions. This affected these statements whether they were replicated or they were run using mysqlbinlog. (Bug #12662190)

  * If the --bind-address option was given a host name value and the host name resolved to more than one IP address, the server failed to start.
    For example, with --bind-address=localhost, if localhost resolved to both 127.0.0.1 and ::1, startup failed. Now the server prefers the IPv4 address in such cases. (Bug #61713, Bug #12762885)

  * mysql_store_result() and mysql_use_result() are not for use with prepared statements and are not intended to be called following mysql_stmt_execute(), but failed to return an error when invoked that way in libmysqld. (Bug #62136, Bug #13738989)

    References: See also Bug #47485.

  * On Windows, mysqlslap crashed for attempts to connect using shared memory. (Bug #31173, Bug #11747181, Bug #59107, Bug #11766072)

--
Joerg Bruehe, MySQL Build Team, joerg.bruehe@stripped
ORACLE Deutschland B.V. & Co. KG, Komturstrasse 18a, D-12099 Berlin
Geschaeftsfuehrer: Juergen Kunz
Amtsgericht Muenchen: HRA 95603
Komplementaerin: ORACLE Deutschland Verwaltung B.V.
Utrecht, Niederlande
Geschaeftsfuehrer: Alexander van der Ven, Astrid Kepper, Val Maher

--
MySQL Announce Mailing List
For list archives: http://lists.mysql.com/announce
To unsubscribe:    http://lists.mysql.com/announce

======================================================================
=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER         | tel  : 01-53-94-20-44      +
+ 23 - 25 Rue Daviel   | fax  : 01-53-94-20-41      +
+ 75013 Paris          | email: certsvp@renater.fr  +
=========================================================
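A small inventory check that applies the fixed releases named in this note (5.1.63 and 5.5.24), added here as an example and not code from CERT-Renater or MySQL: it parses a version string as printed by `mysqld --version` or returned by `SELECT VERSION()` and reports whether the server is below the fixed release of its branch. The sample strings at the bottom are constructed; branches the note does not cover are flagged for separate review rather than marked safe.

```python
"""Classify MySQL server version strings against the fixed releases in this note."""
import re

# Minimum fixed release per branch, as stated in the two announcements above.
FIXED_RELEASES = {
    (5, 1): (5, 1, 63),
    (5, 5): (5, 5, 24),
}

# First x.y.z group in the text; suffixes such as "-log" or "-m8" are ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from text such as
    'mysqld  Ver 5.1.61-log for Linux' or '5.5.20-log', or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return 'vulnerable', 'fixed' or 'not-covered' for one server.
    'not-covered' means the note says nothing about that branch, so the
    server must be checked against its own release notes instead."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError("no MySQL version found in: %r" % version_text)
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        return "not-covered"
    return "fixed" if version >= fixed else "vulnerable"


# Constructed sample inputs (hypothetical hosts), in the formats a DBA sees.
SAMPLES = [
    "mysqld  Ver 5.1.61-log for unknown-linux-gnu on x86_64 (Source distribution)",
    "5.5.24-log",
    "5.5.8",
    "5.6.5-m8",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-75s %s" % (sample, assess(sample)))
```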