Showing entries 1 to 4
Displaying posts with tag: yaSSL (reset)
MySQL 5.6.23 Overview and Highlights

MySQL 5.6.23 was recently released (it is the latest MySQL 5.6, is GA), and is available for download here.

For this release, there is 1 “Security Note”, 3 “Functionality Changed”, and 5 “Compilation Notes”, all benign, but let me address them:

  1. Security Note: The linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1j to version 1.0.1k. Issues fixed in the new version are described at http://www.openssl.org/news/vulnerabilities.html.
  2. Functionality Changed: Support for the SSL 2.0 and SSL 3.0 protocols has been disabled because they provide weak encryption. (Bug #19820550, Bug #19921150)
  3. Functionality Changed: yaSSL was upgraded to version …
[Read more]
MySQL 5.5.42 Overview and Highlights

MySQL 5.5.42 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:

http://dev.mysql.com/downloads/mysql/5.5.html

This release, similar to the last 5.5 release, is mostly uneventful.

There were only 3 “Functionality Added or Changed” bugs this time, all related to SSL, and only 9 bugs overall fixed.

Out of the 9 bugs, there were 2 InnoDB bugs, and 1 replication bug, all of which seemed rather minor or obscure. Here are the ones worth noting:

  • Support for the SSL 2.0 and SSL 3.0 protocols has been disabled because they provide weak encryption. (Bug #19820550, Bug #19921150)
  • yaSSL was upgraded to version 2.3.7. (Bug #19695101, Bug #20201864)
  • The valid date range of the SSL certificates in mysql-test/std_data has been extended to the year 2029. (Bug …
[Read more]
MySQL 5.5.41 Overview and Highlights

MySQL 5.5.41 was recently released (it is the latest MySQL 5.5, is GA), and is available for download here:

http://dev.mysql.com/downloads/mysql/5.5.html

< Forgive me for the flurry of my latest release "Overview and Highlights" that will follow, as I had a serious-at-the-time health issue that delayed me for about a month. Back on track now though. :) >

This release, similar to the last 5.5 release, is mostly uneventful.

There was only 1 “Functionality Added or Changed” bugs this time, and 14 bugs overall fixed.

Out of the 14 bugs, there were 6 InnoDB bugs, and 2 replication bugs, all of which seemed rather minor or obscure. The one worth noting is the “Functionality Added or Changed” item, which was:

  • yaSSL was upgraded to version 2.3.5. (Bug #19695101)

With the recent yaSSL issues, …

[Read more]
MySQL with yaSSL vulnerability

It’s worth noting that if you’re using MySQL 5.0/5.1, with SSL enabled, and you’re using yaSSL as opposed to OpenSSL, you’re vulnerable to CVE-2009-4484. Its a buffer overflow, that works over TCP, via the MySQL port, 3306. Lenz furnished us with some information, and the patch is available. You’ll see this rocking when MySQL 5.1.43 gets released.

It affects Debian (presumably, it will also affect Ubuntu). Red Hat/CentOS is spared, because instead of using yaSSL, OpenSSL is used.

MariaDB …

[Read more]
Showing entries 1 to 4