
BSD libc's memcmp is safe; 5. The fix is to change the repos file from step 3

Author: 美高梅线上平台游戏    Source: unknown    Published: 2020-04-29 14:42    Views:

Security vulnerability in MySQL/MariaDB: if the username is known (for example root), simply retrying the login repeatedly (about 256 attempts on average) is enough to get in.

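A serious security vulnerability was recently disclosed in MySQL and MariaDB: if the username is known, repeatedly retrying the login is enough to get in. Affected versions: MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 are affected. MariaDB versions 5.1.62, 5.2.12, 5.3.6, 5.5.23 and later are not affected. MySQL versions 5.1.63, 5.5.24, 5.6.6 and later are not affected. The bug has not been found in the officially compiled builds. If you downloaded the source and compiled it yourself, you may run into it. The problem is related to the return value of the memcmp() function. As far as is currently known, gcc's built-in memcmp is safe and BSD libc's memcmp is safe, while the SSE-optimized memcmp in Linux glibc has the problem. Details: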

--- update ---

  1. Because yum downloads were too slow, the two large rpm packages (server/client) were downloaded in advance on Windows

  2. Uploaded to CentOS

  3. The yum repos file still has to be set up (as described below)

  4. yum install  MariaDB-10.1.25-centos7-x86_64-server.rpm    MariaDB-10.1.25-centos7-x86_64-client.rpm   then reported  GPG key retrieved failed: [Errno 14]

  5. The fix is to change the repos file from step 3:

     change gpgcheck=1 to gpgcheck=0 (gpgcheck=0 disables GPG signature checking for that repository)

Affected versions:

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.
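
Why the memcmp() return value matters, as an added example (not code from the original page or from MySQL/MariaDB). It assumes the comparison result is narrowed to a one-byte boolean before it is tested; `wide_memcmp`, `mismatch_truncating`, `mismatch_fixed`, `false_accepts` and the sample token are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
typedef unsigned char u8;
typedef char one_byte_bool; /* hypothetical 1-byte boolean: nonzero = mismatch */

/* Constructed stand-in for an optimized memcmp (not glibc's code): returns the
 * difference of 16-bit big-endian words, so only the sign is meaningful. */
static int wide_memcmp(const u8 *a, const u8 *b, size_t n)
{
    size_t i = 0;
    for (; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    return (i < n) ? a[i] - b[i] : 0;
}

/* Flawed: narrowing keeps only the low byte, so -256, 512, ... turn into 0. */
static one_byte_bool mismatch_truncating(const u8 *a, const u8 *b, size_t n)
{
    return (one_byte_bool)wide_memcmp(a, b, n);
}

/* Hardened: reduce the result to 0/1 before it is narrowed. */
static one_byte_bool mismatch_fixed(const u8 *a, const u8 *b, size_t n)
{
    return wide_memcmp(a, b, n) != 0;
}

/* Count wrong 2-byte prefixes that a check reports as "no mismatch". */
static int false_accepts(one_byte_bool (*check)(const u8 *, const u8 *, size_t))
{
    const u8 expected[4] = {0x3c, 0x7e, 0xab, 0xcd}; /* constructed sample */
    int accepted = 0;
    for (int w = 0; w < 0x10000; w++) {
        u8 got[4] = {(u8)(w >> 8), (u8)w, 0xab, 0xcd};
        if (w != 0x3c7e && !check(expected, got, sizeof got))
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("truncating accepts: %d\n", false_accepts(mismatch_truncating));
    printf("fixed accepts:      %d\n", false_accepts(mismatch_fixed));
    return 0;
}
```

With the truncating check, 255 of the 65535 wrong values are accepted, roughly 1 in 256, which is the same order as the retry count quoted above; the hardened check accepts none.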

How to Upgrade MariaDB 5.5 to MariaDB 10.1 on CentOS/RHEL 7 and Debian Systems

Upgrade MariaDB 5.5 to MariaDB 10.1 on RHEL/CentOS 7


Reposted from

============== Additional notes ==================

What’s new

A few new features have been added in this version; you can see them below:

  1. Galera, a multi-master cluster solution is now standard part of MariaDB.
  2. Two new information schema tables have been added for better examination of wsrep information. The tables in question are WSREP_MEMBERSHIP and WSREP_STATUS.
  3. Page compression for InnoDB and XtraDB. Page compression is similar to InnoDB COMPRESSED storage format.
  4. Page compression for FusionIO.
  5. A few optimization tweaks are included:
    1. Don’t create .frm files for temporary tables
    2. Use the MAX_STATEMENT_TIME to abort long running queries automatically
    3. malloc() function is used less and simple queries are executed faster
    4. Webscale patches
  6. Plugins update
  7. Security fixes (Many vulnerabilities have been addressed).

In this tutorial we are going to show you how to upgrade MariaDB 5.5 to the latest stable MariaDB 10.1 version. You will need root access to the machine where you will be performing the upgrade.

Note that if you are running an earlier version of MariaDB, the recommended course of upgrading is to go through each version. For example MariaDB 5.1 -> 5.5 -> 10.1.


Step 1: Backup or Dump All MariaDB Databases

As always when performing an upgrade, creating a backup of your existing databases is important. You can either dump the databases with a command such as:

# mysqldump -u root -ppassword --all-databases > /tmp/all-database.sql

Or alternatively, you can stop the MariaDB service with:

# systemctl stop mysql

And copy the databases directory in a separate folder like this:

# cp -a /var/lib/mysql/ /var/lib/mysql.bak

In case of failure of the upgrade you can use one of the above copies to restore your databases.


Step 2: Add the MariaDB Repository

A good practice is to make sure your packages are up to date before making any changes to your repo files. You can do this with:

# yum update          [On RHEL/CentOS 7]
# apt-get update      [On Debian/Ubuntu]

(Text: 开源中国)

On RHEL/CentOS 7

If you have any old packages, wait for the installation to finish. Next, you will need to add the MariaDB 10.1 repo for CentOS/RHEL 7 distributions. To do this, use your favorite text editor such as vim or nano and open the following file:

# vim /etc/yum.repos.d/MariaDB10.repo

Add the following text in it:

# MariaDB 10.1 CentOS repository list - created 2016-01-18 09:58 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Then save and exit the file (for vim :wq)

On Debian and Ubuntu

Run the following series of commands to add the MariaDB PPA on your system:

# apt-get install software-properties-common
# apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
# add-apt-repository 'deb [arch=amd64,i386] http://kartolo.sby.datautama.net.id/mariadb/repo/10.1/ubuntu wily main'

Important: Don’t forget to replace the ubuntu wily with your distribution name and release.

Step 3: Remove MariaDB 5.5

If you have taken a backup of your databases as suggested in Step 1, you are now ready to proceed and remove the existing MariaDB installation.

To do this, simply run the following command:

# yum remove mariadb-server mariadb mariadb-libs         [On RHEL/CentOS 7]
# apt-get purge mariadb-server mariadb mariadb-libs      [On Debian/Ubuntu]


Remove MariaDB 5.5 Version

Next, clean the repository cache:

# yum clean all          [On RHEL/CentOS 7]
# apt-get clean all      [On Debian/Ubuntu]

Step 4: Installing MariaDB 10.1

Now it’s time to install the newer version of MariaDB, by using:

# yum -y install MariaDB-server MariaDB-client      [On RHEL/CentOS 7]
# apt-get install mariadb-server mariadb-client     [On Debian/Ubuntu]


Install MariaDB 10 on CentOS/RHEL 7

Once the installation is complete, you can start the MariaDB service with:

# systemctl start mariadb

If you want MariaDB to automatically start after system boot, run:

# systemctl enable mariadb

Finally run the upgrade command to upgrade MariaDB with:

# mysql_upgrade


MariaDB Upgrade

To verify that the upgrade was successful, run the following command:

# mysql -V


Check MariaDB Version

Congratulations, your upgrade has been completed!

Conclusion

MariaDB/MySQL upgrades are always tasks that should be performed with extra caution. I hope yours completed smoothly. If you encounter any issues, please do not hesitate to post a comment.
