Qualys announced they had found an exploit in one of the Linux core libraries – glibc – using a buffer overflow technique in gethostbyname(). They have developed a proof-of-concept in which simply sending a specially created e-mail to a mail server enabled them to create a remote shell to the Linux machine. According to Qualys, “This bypasses all existing protections (like ASLR, PIE and NX) on both 32-bit and 64-bit systems.”. How does it affect MySQL servers? Read on!

The vulnerable library call provides DNS name resolution and although it’s been obsoleted in favour of other calls, it is still widely used by both legacy and modern applications.

Having a quick search, MySQL does not seem to rely on gethostbyname() almost at all. A few uses can be found in MySQL Cluster code (NDB), …

In addition to the problem with trx_list scan we discussed in Friday’s post, there is another issue in InnoDB transaction processing that notably affects MySQL performance – for every transaction InnoDB creates a read view and allocates memory for this structure from heap. The problem is that the heap for that allocation is destroyed on each commit and thus the read view memory is reallocated on the next transaction.

There are two aspects of this problem:

1) memory allocation is an costly operation and if memory …

My experience showed that installing a new version of glibc resolved the error:

$ sudo apt-get install libc6

If this doesn't work for you, try this:

http://lists.mysql.com/maxdb/25707