MySQL versions prior to 5.1.51 (including 5.1.50) suffer from a vulnerability in the processing of arguments passed to the LEAST() or GREATEST() functions. This issue could be exploited by a malicious user to cause a server crash, leading to a DoS condition.
You really should upgrade your Lenny servers (amd64 or i386) with the new packages of MySQL 5.1.51 from Dotdeb. As usual, don’t forget to read the Changelog before upgrading.
Mostafa
I have installed phpMyAdmin, but it says:
———————-
Your PHP MySQL library version 5.0.51a differs from your MySQL server version 5.1.51. This may cause unpredictable behavior.
———————-
Please fix it.
Guillaume Plessis
@Mostafa : as said many times on this blog, 5.0.51a is just the version of the libmysqlclient library PHP was built with. Don’t worry about that delta between the client side and the server side, it does not affect the PHP behaviour.
Xaekai
If only you offered your MySQL packages with Percona’s edits.
terii
Would there be a plan to move to version 5.1.6+? I’m more interested in the “event scheduler” feature – http://dev.mysql.com/doc/refman/5.1/en/events.html.
Keep up the good work!
Guillaume Plessis
@terri : the event scheduler is part of MySQL as of MySQL 5.1.6, so MySQL 5.1.51 has it.
Jools
Any chance of packaging 5.1.52? There is a problematic critical issue with 5.1.51:
http://bugs.mysql.com/bug.php?id=57255
Many thanks! (In the meantime I will downgrade)
Guillaume Plessis
@Jools : yes, as soon as it’s available in Debian unstable/experimental.
Jools
In some cases, as people are running dotdeb on production machines, would it not be good also to provide new packages when serious bugs occur without waiting for Debian?
I’ve just upgraded mine manually. For anyone else that this bug is affecting, you can upgrade without too much trouble (it takes some time to build/run the automated tests though).
Download mysql-5.1.52.tar.gz from mysql.com, then:
apt-get source mysql-server-5.1
apt-get build-dep mysql-server-5.1
cd mysql-5.1-5.1.51
uupdate ../mysql-5.1.52.tar.gz
cd ../mysql-5.1-5.1.52
debuild -i -us -uc -b
Packages are created in the parent folder.
Since new versions can introduce serious problems, I also think it would be a good idea to include older builds on the dotdeb machines. This would give users the option of downgrading should a problem occur (at their own risk of course).
Thanks for listening. dotdeb is a much appreciated effort/resource.
yaw
Hi Guillaume,
I am trying to upgrade a 5.1.34 dotdeb installation to 5.1.51.
I have run the following command: “apt-get upgrade mysql-server mysql-client libmysqlclient16 mysql-common”
It seems that apt wants to keep my old server:
“The following packages have been kept back:
libpurple0 mysql-server-5.1 pidgin”
Could you specify a few steps required to achieve this slight upgrade?
Many thanks for your great work
Guillaume Plessis
@yaw : use a decent package manager, such as dselect, aptitude or synaptic to resolve the dependency issue.
Perhaps you should install mysql-server-core-5.1. The libpurple0 and pidgin packages have nothing to do with Dotdeb.
Dave
There’s a pretty bad bug in .51 that causes foreign keys to break in some scenarios (e.g. Magento stores) that stops you deleting rows with constraints.
http://bugs.mysql.com/bug.php?id=57255
It has been fixed now – I compiled the .53 source and the issue has gone away for me.
A dotdeb package would be much appreciated however!
Jools
dave: see above. I also gave instructions on upgrading.
dave
jools, yes I followed those but for 53 and it worked fine.
Just saying there should be dotdeb ones so I don’t have to do that.
dave
Just did an aptitude update today and see there are now .53 packages.
Thank you!
Guillaume Plessis
@dave : yes, that was just a matter of (free) time. I’ll post a note about MySQL 5.1.53.