Bug 79606
Summary: | Several vulnerabilities within (lib)MySQL could allow (remote) compromise of client and/or server. | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | pete gilman <rh-bugzilla> |
Component: | mysql | Assignee: | Patrick Macdonald <patrickm> |
Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | CC: | asundell+rhbz, chrismcc, frido, holger, jacco, jesmin, ml, paul, p.vanbrouwershaven, redhat |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://security.e-matters.de/advisories/042002.html?SID=d076ab53f67b496075db81130436871a | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-01-15 19:27:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
pete gilman
2002-12-13 22:39:35 UTC
An Erratum for mySQL taking mySQL to 3.23.54 is in progress. Any word on when this will be ready? Any idée when the update comes available? See also : http://www.webwereld.nl/nieuws/13530.phtml http://www.tweakers.net/nieuws/24810 I hope the errata being written surpass the elegence of the Gettysburg Address because Lincoln took less time to write that than it seems to be taking to write this errata. Just to give a quick update, the erratum packages were created and are currently in our QA process. We do spend a lot of time on QA to ensure that upgrades are going to work seamlessly and that the packages do actually fix the security issues reported. >> We do spend a lot of time on QA ...
I, for one , do apreciate the QA that goes into RH releases and eratta.
James R Roe:
If you _really_ need it right now, grab the latest .src.rpm and edit it yourself
Mark, could you please elaborate on why an update seems to be available for Advanced Server 2.1 since 18th Dec ? I thought Advanced Server was the platform for critical stuff that was specially QA'd ? I imagine Dec 18 is the build date not the realease date rpm -qpli mysql-3.23.54a-3.72.src.rpm Build Date: Mon 16 Dec 2002 04:52:12 AM PST No. https://rhn.redhat.com/errata/RHSA-2002-289.html indicates it to be a release. So does the date on the src rpm on the ftp server. So if the <a href="https://rhn.redhat.com/errata/RHSA-2002-289.html">AS errata</a> is complete, shouldn't the regular errata be complete as well? I'm just getting concerned since we're going on a month without an update to a package for which exploit code has been released. I applaud RH for all the QA work that goes into their errata. I guess if I knew at what stage QA is at and/or what hangups the QA team was seeing, I wouldn't be so concerned. If RH is having issues with 3.23.54, I sure don't want to deploy it in production myself without a lot more testing... An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2002-288.html I didn't seem to find the erata for RH 7.1 alpha. Can anyone tell me when these updates are expected ? |