hey team, just sending a ping on this one...
sean
----- Forwarded message from sean finney <[EMAIL PROTECTED]> -----
Date: Wed, 4 May 2005 01:22:48 -0400
From: sean finney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: security update for mysql, redux.
hi team,
unfortunately, it seems that the latest security update has caused
problems for users of ISAM (and possibly others) datatypes. the
patch in the last security update (which was backported from 4.0)
passes O_EXCL and O_NOFOLLOW to various open() calls. the latter
is what addresses the security issue, the former was included
only because some (non-linux) systems don't implement O_NOFOLLOW.
the former causes problems, most notably in creation of temporary
files but poissibly in other places as well.
i've unpatched and repatched the last security update, which
is accessible at:
http://people.debian.org/~seanius/mysql/
to make sure there are no other lurking issues in this fix, both
christian and i have run the sql benchmark suite shipped with
the mysql server, which had no problems.
sorry for having to throw this at you, especially at such an
inoppurtune time. on the bright side of things, this isn't
an open security hole, and the bug doesn't cause serious data loss--just
failure of some DROP and TRUNCATE commands (and maybe others).
for more information on the bug, see bug #306409.
sean
--
----- End forwarded message -----
--
signature.asc
Description: Digital signature
