Yes, your read the title correctly: an unprivileged user can crash your MySQL Server. This applies for the default configuration of MySQL 8.0.21 (and it is probably the case for all MySQL 8 GA versions). Depending on your configuration, it might also be the case for MySQL 5.7. This needs malicious intent and a lot of determination, so no need to panic as this will not happen by accident. I am
In a previous post, I talked about the existence of a CREATE TABLE that is crashing MySQL up to versions 5.5.58, 5.6.38 and 5.7.20, and MariaDB up to version 5.5.57, 10.0.32, 10.1.26 and 10.2.7. I hope you upgraded (or can mitigate this problem in another way) as I am now publishing the CREATE TABLE of death.
The first thing to clarify about the CREATE TABLE of death is that it is not a bug in
I ended one of my last posts - Fun with InnoDB Persistent Statistics - with a cryptic sentence: there is more to say about this but I will stop here for now. What I did not share at the time is the existence of a crashing bug somehow related to what I found. But let's start with some context.
In Bug#86926, I found a way to put more than 64 characters in the field table_name of the
MySQL 5.5.41 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://dev.mysql.com/downloads/mysql/5.5.html
< Forgive me for the flurry of my latest release "Overview and Highlights" that will follow, as I had a serious-at-the-time health issue that delayed me for about a month. Back on track now though. :) >
This release, similar to the last 5.5 release, is mostly uneventful.
There was only 1 “Functionality Added or Changed” bugs this time, and 14 bugs overall fixed.
Out of the 14 bugs, there were 6 InnoDB bugs, and 2 replication bugs, all of which seemed rather minor or obscure. The one worth noting is the “Functionality Added or Changed” item, which was:
- yaSSL was upgraded to version 2.3.5. (Bug #19695101)
With the recent yaSSL issues, …
[Read more]MySQL 5.5.40 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://dev.mysql.com/downloads/mysql/5.5.html
This release, similar to the last 5.5 release, is mostly uneventful.
There were 0 “Functionality Added or Changed” bugs this time, and 18 bugs overall fixed.
Out of the 18 bugs, most seemed rather minor or obscure, but there are 3 I think are worth noting (all 3 are InnoDB-related, regressions, and serious if you encounter them, so best to be aware of them):
- InnoDB: An ALTER TABLE … ADD FOREIGN KEY operation could cause a serious error. (Bug #19471516, Bug #73650)
- InnoDB: With a transaction isolation level less than or equal to READ COMMITTED, gap locks …
MySQL 5.5.39 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://downloads.skysql.com/archive/index/p/mysql/v/5.5.39
This release, similar to the last 5.5 release, is mostly uneventful.
There were two “Functionality Added or Changed” and 24 bugs fixed.
The “Functionality Added or Changed” changes are:
- CMake support was updated to handle CMake version 3.
- The timed_mutexes system variable has no effect and is deprecated.
Out of the 24 bugs, most seemed rather minor or obscure, but here are the ones I think are worth noting (crashing, security, wrong results, deadlock):
- InnoDB: Opening a parent table that has thousands of child tables could result in a long semaphore wait condition.
- …