
Upgrade to MySQL 5.1.51! It fixes a DoS vulnerability

MySQL versions prior to 5.1.51 (including 5.1.50) suffer from a vulnerability in the processing of arguments passed to the LEAST() or GREATEST() functions. This issue could be exploited by a malicious user to cause a server crash, leading to a DoS condition.

You really should upgrade your Lenny servers (amd64 or i386) with the new packages of MySQL 5.1.51 from Dotdeb. As usual, don’t forget to read the Changelog before upgrading.
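Before and after upgrading, an administrator usually wants a quick inventory check: which servers still report a version older than the fixed 5.1.51? The following POSIX sh script is an added example (not part of the original post or of Dotdeb's packaging) that extracts the version from mysqld --version style output and compares it against the fixed release. The sample output lines are constructed; the script assumes the familiar "mysqld  Ver X.Y.Z ..." format and ignores suffixes such as the "a" in 5.0.51a or a Debian revision like "-1".

```shell
#!/bin/sh
# Added example: flag MySQL servers older than the release that fixes the
# LEAST()/GREATEST() crash. Version strings and sample lines are constructed.

FIXED_VERSION="5.1.51"

# vfield VERSION N: print the N-th dotted component of VERSION with any
# non-numeric suffix stripped ("51a" -> "51", "50-1" -> "50"); empty if absent.
vfield() {
    printf '%s\n' "$1" | awk -F. -v n="$2" '{ v = $n; sub(/[^0-9].*$/, "", v); print v }'
}

# version_lt A B: exit status 0 when A is strictly older than B,
# comparing major, minor and patch numerically.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(vfield "$1" "$i"); b=$(vfield "$2" "$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# needs_upgrade VERSION: true when VERSION predates the fixed release.
needs_upgrade() {
    version_lt "$1" "$FIXED_VERSION"
}

# extract_version LINE: pull "X.Y.Z" out of a "mysqld  Ver X.Y.Z ..." line.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*Ver \([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample output, as collected from three hosts (assumed format).
SAMPLE_OUTPUT='web1: mysqld  Ver 5.1.50 for debian-linux-gnu on x86_64 ((Debian))
web2: mysqld  Ver 5.1.51 for debian-linux-gnu on x86_64 ((Debian))
web3: mysqld  Ver 5.0.51a for debian-linux-gnu on i486 ((Debian))'

# report_line LINE: print "HOST VERSION STATUS" for one collected line.
report_line() {
    host=${1%%:*}
    ver=$(extract_version "$1")
    if needs_upgrade "$ver"; then
        printf '%s %s VULNERABLE (older than %s)\n' "$host" "$ver" "$FIXED_VERSION"
    else
        printf '%s %s ok\n' "$host" "$ver"
    fi
}

printf '%s\n' "$SAMPLE_OUTPUT" | while IFS= read -r line; do
    report_line "$line"
done
```

In practice the sample block would be replaced by the real output of `mysqld --version` gathered from each host (or of `SELECT VERSION()` over a client connection); the comparison logic stays the same.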

15 replies on “Upgrade to MySQL 5.1.51! It fixes a DoS vulnerability”

I have installed phpMyAdmin, but it says:
----------
Your PHP MySQL library version 5.0.51a differs from your MySQL server version 5.1.51. This may cause unpredictable behavior.
----------

Please fix it.

@Mostafa: as said many times on this blog, 5.0.51a is just the version of the libmysqlclient library PHP was built with. Don’t worry about that delta between the client side and the server side, it does not affect the PHP behaviour.

In some cases, as people are running Dotdeb on production machines, would it not be good also
to provide new packages when serious bugs occur, without waiting for Debian?

I’ve just upgraded mine manually. For anyone else that this bug is affecting, you can upgrade without too much trouble (it takes some time to build/run the automated tests though).

download mysql-5.1.52.tar.gz from mysql.com

then

apt-get source mysql-server-5.1
apt-get build-dep mysql-server-5.1
cd mysql-5.1-5.1.51
uupdate ../mysql-5.1.52.tar.gz
cd ../mysql-5.1-5.1.52
debuild -i -us -uc -b

The packages are created in the parent folder.

Since new versions can introduce serious problems, I also think it would be a good idea
to include older builds on the dotdeb machines. This would give users the option of downgrading
should a problem occur (at their own risk of course).

Thanks for listening. dotdeb is a much appreciated effort/resource.

Hi Guillaume,
I am trying to upgrade a 5.1.34 dotdeb installation to 5.1.51.

I have run following command : “apt-get upgrade mysql-server mysql-client libmysqlclient16 mysql-common”

It seems that apt wants to keep my old server:
“The following packages have been kept back:
libpurple0 mysql-server-5.1 pidgin”

Could you specify the few steps required to achieve this slight upgrade?

Many thanks for your great work

@yaw: use a decent package manager, such as dselect, aptitude or synaptic, to resolve the dependency issue.

Perhaps you should install mysql-server-core-5.1. The libpurple0 and pidgin packages have nothing to do with Dotdeb.

jools, yes, I followed those but for 53 and it worked fine.

Just saying there should be Dotdeb ones so I don’t have to do that 😉
