des nouvelles versions mysql viennet de sortir corrigeant beaucoup de securité-fix surtout la version 5.0.92 qui est toujours la plus utilisé.
Functionality added or changed:
•The time zone tables available at http://dev.mysql.com/downloads/timezones.html have been updated. These tables can be used on systems such as Windows or HP-UX that do not include zoneinfo files. (Bug#40230)
Bugs fixed:
•Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. (Bug#55826, CVE-2010-3833)
•Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping. (Bug#55568, CVE-2010-3834)
•Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. (Bug#55564, CVE-2010-3835)
•Security Fix: Joins involving a table with a unique SET column could cause a server crash. (Bug#54575, CVE-2010-3677)
•Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash. (Bug#54568, CVE-2010-3836)
•Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. (Bug#54476, CVE-2010-3837)
•Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. (Bug#54461, CVE-2010-3838)
•Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711, CVE-2010-3682)
•InnoDB Storage Engine: Creating or dropping a table with 1023 transactions active caused an assertion failure. (Bug#49238)
•The make_binary_distribution target to make could fail on some platforms because the lines generated were too long for the shell. (Bug#54590)
•A client could supply data in chunks to a prepared statement parameter other than of type TEXT or BLOB using the mysql_stmt_send_long_data() C API function (or COM_STMT_SEND_LONG_DATA command). This led to a crash because other data types are not valid for long data. (Bug#54041)
•Builds of the embedded mysqld would fail due to a missing element of the struct NET. (Bug#53908, Bug#53912)
•The definition of the MY_INIT macro in my_sys.h included an extraneous semicolon, which could cause compilation failure. (Bug#53906)
•If the remote server for a FEDERATED table could not be accessed, queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333)
•mysqld could fail during execution when using SSL. (Bug#34236)
•Threads that were calculating the estimated number of records for a range scan did not respond to the KILL statement. That is, if a range join type is possible (even if not selected by the optimizer as a join type of choice and thus not shown by EXPLAIN), the query in the statistics state (shown by the SHOW PROCESSLIST) did not respond to the KILL statement. (Bug#25421)
Et Pour la version 5.1.55 elle corrige quelques bugs utiles.
il est bien sur impérative de mettre a jour ces versions pour eviter tout mauvais fonctionnement.
A+
Functionality added or changed:
•The time zone tables available at http://dev.mysql.com/downloads/timezones.html have been updated. These tables can be used on systems such as Windows or HP-UX that do not include zoneinfo files. (Bug#40230)
Bugs fixed:
•Security Fix: During evaluation of arguments to extreme-value functions (such as LEAST() and GREATEST()), type errors did not propagate properly, causing the server to crash. (Bug#55826, CVE-2010-3833)
•Security Fix: The server could crash after materializing a derived table that required a temporary table for grouping. (Bug#55568, CVE-2010-3834)
•Security Fix: A user-variable assignment expression that is evaluated in a logical expression context can be precalculated in a temporary table for GROUP BY. However, when the expression value is used after creation of the temporary table, it was re-evaluated, not read from the table and a server crash resulted. (Bug#55564, CVE-2010-3835)
•Security Fix: Joins involving a table with a unique SET column could cause a server crash. (Bug#54575, CVE-2010-3677)
•Security Fix: Pre-evaluation of LIKE predicates during view preparation could cause a server crash. (Bug#54568, CVE-2010-3836)
•Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a server crash. (Bug#54476, CVE-2010-3837)
•Security Fix: Queries could cause a server crash if the GREATEST() or LEAST() function had a mixed list of numeric and LONGBLOB arguments, and the result of such a function was processed using an intermediate temporary table. (Bug#54461, CVE-2010-3838)
•Security Fix: Using EXPLAIN with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash. (Bug#52711, CVE-2010-3682)
•InnoDB Storage Engine: Creating or dropping a table with 1023 transactions active caused an assertion failure. (Bug#49238)
•The make_binary_distribution target to make could fail on some platforms because the lines generated were too long for the shell. (Bug#54590)
•A client could supply data in chunks to a prepared statement parameter other than of type TEXT or BLOB using the mysql_stmt_send_long_data() C API function (or COM_STMT_SEND_LONG_DATA command). This led to a crash because other data types are not valid for long data. (Bug#54041)
•Builds of the embedded mysqld would fail due to a missing element of the struct NET. (Bug#53908, Bug#53912)
•The definition of the MY_INIT macro in my_sys.h included an extraneous semicolon, which could cause compilation failure. (Bug#53906)
•If the remote server for a FEDERATED table could not be accessed, queries for the INFORMATION_SCHEMA.TABLES table failed. (Bug#35333)
•mysqld could fail during execution when using SSL. (Bug#34236)
•Threads that were calculating the estimated number of records for a range scan did not respond to the KILL statement. That is, if a range join type is possible (even if not selected by the optimizer as a join type of choice and thus not shown by EXPLAIN), the query in the statistics state (shown by the SHOW PROCESSLIST) did not respond to the KILL statement. (Bug#25421)
Et Pour la version 5.1.55 elle corrige quelques bugs utiles.
il est bien sur impérative de mettre a jour ces versions pour eviter tout mauvais fonctionnement.
A+