For those who don’t know, several security vulnerabilities in MySQL were discovered recently and published to the security mailing lists. Yet another time, remote attacker can badly hit your production systems causing long downtime.

List of security issues:

• • CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
    • http://seclists.org/fulldisclosure/2012/Dec/4
    • https://bugzilla.redhat.com/show_bug.cgi?id=882599
  • CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
  • …

As Percona Live London is raging in the UK, I thought it fitting to remind everyone about the next big Percona Live: MySQL Conference and Expo 2013 in Santa Clara, Californa on April 22-25, 2013.  You can register NOW for this conference, and the Super Saving Registration deadline ends on December 28th, so be sure to register early if you already know you’ll be there.

As promised, I wanted to keep giving updates on the committee’s progress in selecting the program for the conference.  As many people know, the selections and …

MySQL Connector/Net 6.5.5, a new maintenance release of our 6.5 series, has been released.  This release is GA quality and is appropriate for use in production environments.  Please note that 6.6 is our latest driver series and is the recommended product for development. It is now available in source and binary form http://dev.mysql.com/downloads/connector/net/#downloads and mirror sites (note that not all mirror sites may be up to date at this point-if you can't find this version on some mirror, please try again later or choose another download site.)

Get the most from MySQL Server's top-level performance by improving your understanding of performance tuning techniques.

MySQL Performance Tuning Class

In this 4 day class, you'll learn practical, safe, highly efficient ways to optimize performance for the MySQL Server. You can take this class as:

• Training-on-Demand: Start training within 24 hours of registering and follow the instructor-led lecture material through streaming video at your own pace. Schedule time lab-time to perform the hands-on exercises at your convenience.
• Live-Virtual Class: Follow the live instructor led class from your own desk - no travel required. There are already a range of events on the schedule to suit different timezones and with delivery in languages including English and German.
• In-Class Event: Travel to a training center to follow this class.

For more information on this class, to see the …

As a few LinkedIn friends already noticed, I have started working together with the Galera team at Codership. It is a part time "advisor" position and I still continue my full time work at Nokia, supporting various databases behind the new HERE.com portal.

We get a lot of requests for more blogs and better documentation to explain in-depth how Galera work. That's an area I will work on a lot. The first "deliverable" is out today: the first Galera white paper.

…

Yet another article comparing two database features. This time the different between the two storage engines MyISAM and InnoDB from MySQL will be compared, so you can choose which one you should choose for your project. Some fast facts: InnoDB supports foreign keys InnoDB implements row-level lock for inserting and updating while MyISAM implements table-level lock! InnoDB supports transactions MyISAM [...]

Last week Codership released a new version of Galera Cluster for MySQL: 5.5.28-23.7 (click to download)

This is a bug fix maintenance release. There are several significant fixes and users are recommended to upgrade.

Fixed:
- foreign keys support (multiple issues were fixed)
- thread counter going negative (and ensuing issues, like refusal to start new threads)
- causal reads timeout now returns ER_LOCK_WAIT_TIMEOUT.
- tables without primary key but with unique secondary key could cause crash with parallel applying.
- DDL in multi-statement transaction could cause a crash.
- aborted SELECTs were not automatically retried if aborted by DDL.
- RSU DDL could block.
- pt-table-checksum was not supported.
- CREATE TABLE... AS SELECT was not supported.
- queries were not retried after …

We have released our first whitepaper about Galera Cluster for MySQL, called Minimizing downtime and maximizing elasticity with Galera Cluster for MySQL.

This is a so called "business" white paper. It is not very technical, rather intended to be "manager understandable". We discuss things like what does a minute of downtime cost for some of our customers, and why an active-active, synchronous multi-master cluster is a good choice to minimize downtime. We also look at how Galera fits cloud use cases, scale-in and scale-out, in particular thanks to our automated node provisioning. Again, we mention some statistics on what you can save in cloud infrastructure costs by efficient scale-out/scale-in solution - also known as elasticity.

For the more technical reader, the mid part of the …

Apart from my consulting as part of ScaleIn, I also invest to bootstrap companies with really disruptive ideas; and in the process met few database specific companies who are already[...]

Important Security Fix for a Buffer Overflow Bug: MariaDB 5.5.28a, 5.3.11, 5.2.13 and 5.1.66 include a fix for CVE-2012-5579, a vulnerability that allowed an authenticated user to crash MariaDB server or to execute arbitrary code with the privileges of the mysqld process. This is a serious security issue. We recommend upgrading from older versions as soon as possible.

MariaDB 5.5.28a, 5.3.11, 5.2.13 and 5.1.66 (GA) binaries, packages, and source tarballs are now available for download from http://downloads.mariadb.org. So you can upgrade within your own major series.

Note that while this fix has just been published, some other vulnerabilities have been noted over the weekend also. Below a summary of these other CVEs as documented by Red Hat Security Response Team, with annotations by Sergei Gulubchik who is the Security Coordinator for MariaDB.

• …