Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Upcoming MySQL patch fixes several critical vulnerabilites - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Upcoming MySQL patch fixes several critical vulnerabilites

William wrote in to let us know that the changelog to upcoming release to MySQL, version 5.1.47, has been released, and it appears this release fixes several critical vulnerabilities and probably should be applied as quickly as is reasonable.  What is interesting is that although a relatively detailed changelog is available which describes in some detail the vulnerabilities being addressed, which could be interesting to attackers, I could not find any information on when the 5.1.47 release would be available.

If anyone can provide a pointer to this release information, please pass it on to us.


-- Rick Wanner - rwanner at isc dot sans dot org


324 Posts
ISC Handler
May 16th 2010
A funny thing seems to have happened...

Last night (2010-05-16) when I checked the linked page the "Security" changes were visible. This morning (2010-05-15) they're gone.

I guess Oracle either published a faulty change list, or (more likely) decided they didn't want to disclose the flaws - after they already did. Either way, that's no good.

Strange that nobody else has commented on this. Am I missing something?

Sign Up for Free or Log In to start participating in the conversation!