Language Selection

English French German Italian Portuguese Spanish

Open MySQL security holes

Filed under
Software
Security

Oracle's forthcoming version 5.1.47 of MySQL is said to contain several important security patches. The changelog states that the developers have closed three security holes which allow attackers to cause a server crash, obtain unauthorised database access or, in the worst case, inject arbitrary code and execute it on the server. The developers didn't mention which exact versions are affected.

While the flaws are already listed in the MySQL bug tracker, unlike the changelog the bug tracker entries are not publicly available. It was, therefore, a rather clumsy decision to provide the general public with such detailed information about the security holes; while the added attention makes it more likely that the holes will be exploited, the hands of admins are tied because they have no fixed version to switch to.

rest here




More in Tux Machines

That Peculiar Linux 3.18 Kernel Bug Might Be Closed Soon

For the past month there's been kernel developers investigating "a big unknown worry in a regression" that have left many key kernel developers -- including Linus Torvalds -- puzzled. It looks like that investigation is finally being close to being resolved. Read more

New Releases

Notifications Without User Interaction on Ubuntu Are Annoying

The Unity desktop environment has a simple and rather ineffective system notification mechanism and it looks like that's not going to change, not even with the arrival of Unity 8. Read more

Librem Linux Laptop Drops NVIDIA Graphics But Still Coming Up Short Of Goal

One of the oddest things I found about the crowd-funded Librem 15 laptop when writing about it last month was that it wanted to be open-source down to the component firmware/microcode yet they opted to ship with a NVIDIA GPU. In an updated earlier this month, at least they came to their senses and dropped the discrete NVIDIA GPU. While I have no problems recommending NVIDIA graphics for Linux gamers and those wanting the best performance, that's only when using the proprietary drivers, and certainly wouldn't recommend it for a fully open-source system -- NVIDIA on the desktop side doesn't do much for the open-source drivers, let alone down to the firmware/microcode level. Instead the Librem folks have opted to upgrade the design to using an Intel Core i7 4770HQ processor that features more powerful Intel Iris Pro 5200 Graphics, which isn't as powerful as a discrete NVIDIA GPU but at least is more open-source friendly. Read more