You read this right, symbolic links (symlinks) are unsafe in MySQL since at least 8.0.39. As always, it is a little more complicated than that, but if you are using symbolic links and in certain conditions, you risk a crash. I think it is important to raise awareness on this, hence this post.
My attention was brought to this via the now private Bug #120156: MySQL 8.0.39/8.0.42
I am finalizing my Percona Live talk MySQL and Vitess (and Kubernetes) at HubSpot. In this talk, I mentioned that I like that Percona is providing better MySQL with Percona Server. This comes with a little inconvenience though: with improvements, sometimes comes regression. This post is about such regression and a workaround I implemented some time ago (I should have shared it
A year ago, I blogged about An Unprivileged User can crash your MySQL Server. At the time, I explained how to protect yourself against this problem. A few weeks ago, I revisited this vulnerability in a follow-up post in which I explained the fix, claimed that the MySQL 5.7 default configuration for Group Replication is still problematic, and explained a tuning to avoid the
A year ago, I blogged about An Unprivileged User can Crash your MySQL Server. At the time, I presented how to protect yourself against this problem without explaining how to generate a crash. In this post, I am revisiting this vulnerability, not giving the exploit yet, but presenting the fix. Also, because the default configuration of Group Replication in 5.7 is still vulnerable
Yes, your read the title correctly: an unprivileged user can crash your MySQL Server. This applies for the default configuration of MySQL 8.0.21 (and it is probably the case for all MySQL 8 GA versions). Depending on your configuration, it might also be the case for MySQL 5.7. This needs malicious intent and a lot of determination, so no need to panic as this will not happen by
In a previous post, I talked about the existence of a CREATE TABLE that is crashing MySQL up to versions 5.5.58, 5.6.38 and 5.7.20, and MariaDB up to version 5.5.57, 10.0.32, 10.1.26 and 10.2.7. I hope you upgraded (or can mitigate this problem in another way) as I am now publishing the CREATE TABLE of death.
The first thing to clarify about the CREATE TABLE of death is that it is not a bug in
I ended one of my last posts - Fun with InnoDB Persistent Statistics - with a cryptic sentence: there is more to say about this but I will stop here for now. What I did not share at the time is the existence of a crashing bug somehow related to what I found. But let's start with some context.
In Bug#86926, I found a way to put more than 64 characters in the field table_name of the
MySQL 5.5.41 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://dev.mysql.com/downloads/mysql/5.5.html
< Forgive me for the flurry of my latest release "Overview and Highlights" that will follow, as I had a serious-at-the-time health issue that delayed me for about a month. Back on track now though. :) >
This release, similar to the last 5.5 release, is mostly uneventful.
There was only 1 “Functionality Added or Changed” bugs this time, and 14 bugs overall fixed.
Out of the 14 bugs, there were 6 InnoDB bugs, and 2 replication bugs, all of which seemed rather minor or obscure. The one worth noting is the “Functionality Added or Changed” item, which was:
With the recent yaSSL issues, …
[Read more]MySQL 5.5.40 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://dev.mysql.com/downloads/mysql/5.5.html
This release, similar to the last 5.5 release, is mostly uneventful.
There were 0 “Functionality Added or Changed” bugs this time, and 18 bugs overall fixed.
Out of the 18 bugs, most seemed rather minor or obscure, but there are 3 I think are worth noting (all 3 are InnoDB-related, regressions, and serious if you encounter them, so best to be aware of them):
MySQL 5.5.39 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:
http://downloads.skysql.com/archive/index/p/mysql/v/5.5.39
This release, similar to the last 5.5 release, is mostly uneventful.
There were two “Functionality Added or Changed” and 24 bugs fixed.
The “Functionality Added or Changed” changes are:
Out of the 24 bugs, most seemed rather minor or obscure, but here are the ones I think are worth noting (crashing, security, wrong results, deadlock):