Security vulnerability in MySQL/MariaDB

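and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 are affected. MariaDB
versions from 5.1.62, 5.2.12, 5.3.6 and 5.5.23 are not affected. MySQL
versions from 5.1.63, 5.5.24, 5.6.6 are not affected. This bug
is related to the return value of the memcmp() function. From what is known so
far, gcc's built-in memcmp is safe and BSD libc's memcmp is safe. The
SSE-optimized memcmp in Linux glibc has this problem.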

--- update divider ---

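  1. Because downloading with yum was too slow, the two large rpm
     packages (server/client) were downloaded in advance on Windows.

  2. Uploaded them to CentOS.

  3. The repos file for the yum source.

  4. yum install
     MariaDB-10.1.25-centos7-x86_64-client.rpm reported "GPG key retrieved
     failed :[Errno 14]]".

  5. The fix was to change the repos file from step 3.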


All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

How to Upgrade MariaDB 5.5 to MariaDB 10.1 on CentOS/RHEL 7 and Debian Systems




============== Supplementary notes ==================

What’s new

A few new features have been added in this version and you can see them

  1. Galera, a multi-master cluster solution, is now a standard part of
  2. Two new information schema tables have been added for better examining
     wsrep information. The tables in question
  3. Page compression for InnoDB and XtraDB. Page compression is similar
     to the InnoDB COMPRESSED storage format.
  4. Page compression for FusionIO.
  5. A few optimization tweaks are included:
     1. Don't create .frm files for temporary tables
     2. Use the MAX_STATEMENT_TIME to abort long running queries
     3. malloc() function is used less and simple queries are executed
     4. Webscale patches
  6. Plugins update
  7. Security fixes (many vulnerabilities have been addressed).

In this tutorial we are going to show you how to upgrade MariaDB
5.5 to the latest stable version of MariaDB 10.1. You will need root
access to the machine on which you will be performing the upgrade.

Note that if you are running an earlier version of MariaDB, the recommended
course of upgrading is to go through each version, for
example MariaDB 5.1 -> 5.5 -> 10.1.


Step 1: Backup or Dump All MariaDB Databases

As always when performing an upgrade, creating a backup of your existing
databases is important. You can either dump the databases with the command:

# mysqldump -u root -ppassword --all-databases > /tmp/all-database.sql

Or alternatively, you can stop the MariaDB service with:

# systemctl stop mysql

And copy the databases directory in a separate folder like this:

# cp -a /var/lib/mysql/ /var/lib/mysql.bak

In case of failure of the upgrade you can use one of the above copies to
restore your databases.

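This problem is related to the return value of the memcmp() function. From
what is known so far, gcc's built-in memcmp is safe and BSD libc's memcmp is
safe. The SSE-optimized memcmp in Linux glibc has this problem.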
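
The memcmp() return-value problem described above, as an added example that is not code from the original page or from MySQL/MariaDB: a comparison result that is narrowed to a one-byte boolean can read as "equal" for buffers that differ. The narrowing mechanism is background the page does not spell out; wide_memcmp, narrow_bool, differs_narrowed, differs_fixed and the sample buffers are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdio.h>

typedef char narrow_bool;   /* hypothetical one-byte boolean type */

/* Constructed stand-in for an optimized memcmp(): compares two bytes at a
 * time as big-endian words and returns their difference. The C standard
 * only fixes the sign of the result, so values beyond -128..127 are legal. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i = 0;
    for (; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    if (i < n && a[i] != b[i])          /* odd trailing byte */
        return a[i] - b[i];
    return 0;
}

/* Flawed pattern: the int is converted to one byte, so a difference
 * that is a multiple of 256 is reported as 0 ("equal"). */
narrow_bool differs_narrowed(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (narrow_bool)wide_memcmp(a, b, n);
}

/* Corrected pattern: collapse to 0 or 1 before the value is narrowed. */
narrow_bool differs_fixed(const unsigned char *a, const unsigned char *b, size_t n)
{
    return wide_memcmp(a, b, n) != 0;
}

/* Constructed sample digests, not real hashes. */
static const unsigned char STORED[4]   = {0x10, 0x22, 0x33, 0x44};
static const unsigned char HIGH_OFF[4] = {0x11, 0x22, 0x33, 0x44}; /* diff 256 */
static const unsigned char LOW_OFF[4]  = {0x10, 0x23, 0x33, 0x44}; /* diff 1   */

int main(void)
{
    printf("high-byte mismatch: narrowed=%d fixed=%d\n",
           differs_narrowed(HIGH_OFF, STORED, 4), differs_fixed(HIGH_OFF, STORED, 4));
    printf("low-byte mismatch:  narrowed=%d fixed=%d\n",
           differs_narrowed(LOW_OFF, STORED, 4), differs_fixed(LOW_OFF, STORED, 4));
    return 0;
}
```

When reviewing code for this pattern, look for any function that returns or stores a memcmp() result in a type narrower than int; compiling with -Wconversion flags the implicit form of the narrowing.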

Step 2: Add the MariaDB Repository

A good practice is to make sure your packages are up to date before
making any changes to your repo files. You can do this with:

# yum update          [On RHEL/CentOS 7]
# apt-get update      [On Debian/Ubuntu]


On RHEL/CentOS 7

If you have any old packages, wait for the installation to finish. Next,
you will need to add the MariaDB 10.1 repo for CentOS/RHEL 7
distributions. To do this, use your favorite text editor such
as vim or nano and open the following file:

# vim /etc/yum.repos.d/MariaDB10.repo

Add the following text in it:

# MariaDB 10.1 CentOS repository list - created 2016-01-18 09:58 UTC
name = MariaDB
baseurl =

Then save and exit the file (for vim :wq)

On Debian and Ubuntu

Run the following series of commands to add the MariaDB PPA on your

# apt-get install software-properties-common
# apt-key adv --recv-keys --keyserver hkp:// 0xcbcb082a1bb943db
# add-apt-repository 'deb [arch=amd64,i386] wily main'

Important: Don’t forget to replace the ubuntu wily with your
distribution name and release.

Step 3: Remove MariaDB 5.5

If you have taken a backup of your databases as suggested in Step 1, you
are now ready to proceed and remove the existing MariaDB installation.

To do this, simply run the following command:

# yum remove mariadb-server mariadb mariadb-libs         [On RHEL/CentOS 7]
# apt-get purge mariadb-server mariadb mariadb-libs      [On Debian/Ubuntu]

Remove MariaDB 5.5 Version

Next, clean the repository cache:

# yum clean all          [On RHEL/CentOS 7]
# apt-get clean all      [On Debian/Ubuntu]

Step 4: Installing MariaDB 10.1

Now it’s time to install the newer version of MariaDB, by using:

# yum -y install MariaDB-server MariaDB-client      [On RHEL/CentOS 7]
# apt-get install mariadb-server mariadb-client     [On Debian/Ubuntu]

Install MariaDB 10 on CentOS/RHEL 7

Once the installation is complete, you can start the MariaDB service:

# systemctl start mariadb

If you want MariaDB to automatically start after system boot, run:

# systemctl enable mariadb

Finally run the upgrade command to upgrade MariaDB with:

# mysql_upgrade

MariaDB Upgrade

To verify that the upgrade was successful, run the following command:

# mysql -V

Check MariaDB Version

Congratulations, your upgrade has been completed!


MariaDB/MySQL upgrades are always tasks that should be performed with
extra caution. I hope yours completed smoothly. If you encounter any
issues, please do not hesitate to post a comment.