Recently there have been discussions on several vulnerabilities in MySQL and closely related projects such as MariaDB and Percona Server. Usually we have inherited security fixes from MySQL when we have updated Percona Server to be based off a new Oracle MySQL release. In this case however, Oracle has been incredibly quiet.
We’ve been examining how these affect current Percona Server versions and will shortly be making security releases and more information available (we wish to ensure what we say is correct in regards to Percona Server).
As seems to often be the case, we already had a release in the pipeline – Percona Server 5.5.28-29.2 which contains many bug fixes that affect users (see our release notes). We’re going to still release 5.5.28-29.2 and shortly after we’ll make 5.5.28-29.3 available with just security fixes.
For more information, see:
- Full Disclosure mailing list threads
- Open Query blog post on MariaDB updates
- Sergei Golubchik (long time MySQL developer, current MariaDB developer) responds on oss-sec list
Is there any news on whether these bugs affect 5.1, and if so, if there will be a equivalent 5.1 release?
Cheers.
We’ll be making 5.1 releases shortly. We went with 5.5 first as an overwhelming majority of users are on 5.5 rather than 5.1
Oracle have released MySQL Security patches for January 2015 and was wondering if these need to or will be incorporated into Percona MySQL versions or do they need to be patched?
This is the list:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
Many Thanks
Sunny Nagra