On 03/24/2016 03:54 AM, Leon Fauster wrote:
> On 24.03.2016 at 04:21, Always Learning <centos at u64.u22.net> wrote:
>> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
>> readline 5.1
>
> Current version on C5 is mysql55, 5.0 does not get any updates anymore!
>

Let me reiterate this:

the mysql-5.0.95* packages are not supported. A very long time ago, Red
Hat upgraded mysql for el5 to an SCL. The current supported version is:

mysql55-mysql-5.5.45-1.el5*

I guarantee that the 5.0.95 packages have security issues. Here is how
to move to the newer mysql55 packages:

http://red.ht/1pAcb7q

I can't stress enough, mysql-5.0 on el5 is absolutely not updated
security wise. The last update to it happened on 22-Jan-2013 and was in
CentOS-5.9 .. we are now in 5.11 and there have been upgrades to mysql55
since then to fix security issues.

Here is more info on this MySQL 5.0 to 5.5 upgrade, that was required
starting in CentOS 5.10.

http://red.ht/1o8VkHN

http://red.ht/1UK30hR

http://red.ht/1q48NT5

Thanks,
Johnny Hughes

On 03/24/2016 10:48 AM, Johnny Hughes wrote:
> On 03/24/2016 03:54 AM, Leon Fauster wrote:
>> On 24.03.2016 at 04:21, Always Learning <centos at u64.u22.net> wrote:
>>> mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using
>>> readline 5.1
>>
>> Current version on C5 is mysql55, 5.0 does not get any updates anymore!
>>
>
> Let me reiterate this:
>
> the mysql-5.0.95* packages are not supported. A very long time ago, Red
> Hat upgraded mysql for el5 to an SCL. The current supported version is:
>
> mysql55-mysql-5.5.45-1.el5*
>
> I guarantee that the 5.0.95 packages have security issues. Here is how
> to move to the newer mysql55 packages:
>
> http://red.ht/1pAcb7q
>
> I can't stress enough, mysql-5.0 on el5 is absolutely not updated
> security wise. The last update to it happened on 22-Jan-2013 and was in
> CentOS-5.9 .. we are now in 5.11 and there have been upgrades to mysql55
> since then to fix security issues.
>
> Here is more info on this MySQL 5.0 to 5.5 upgrade, that was required
> starting in CentOS 5.10.
>
> http://red.ht/1o8VkHN
>
> http://red.ht/1UK30hR
>
> http://red.ht/1q48NT5

This should not be news to anyone .. it was in the CentOS-5.10 release notes:

https://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.10

(first two bullets in 'New Features' section)

There were also discussions on this list:

https://lists.centos.org/pipermail/centos/2013-October/137939.html

Thanks,
Johnny Hughes

On Thu, 2016-03-24 at 10:48 -0500, Johnny Hughes wrote:
> I guarantee that the 5.0.95 packages have security issues. Here is how
> to move to the newer mysql55 packages:
>
> http://red.ht/1pAcb7q
>
> I can't stress enough, mysql-5.0 on el5 is absolutely not updated
> security wise. The last update to it happened on 22-Jan-2013 and was in
> CentOS-5.9 .. we are now in 5.11 and there have been upgrades to mysql55
> since then to fix security issues.
>
> Here is more info on this MySQL 5.0 to 5.5 upgrade, that was required
> starting in CentOS 5.10.
>
> http://red.ht/1o8VkHN
>
> http://red.ht/1UK30hR
>
> http://red.ht/1q48NT5

Thanks. Reading it now.

--
Regards,

Paul.
England, EU. England's place is in the European Union.

On Thu, Mar 24, 2016 at 9:08 AM, Always Learning <centos at u64.u22.net> wrote:
>> I can't stress enough, mysql-5.0 on el5 is absolutely not updated
>> security wise.
>
> Thanks. Reading it now.

Just to be clear: you absolutely should upgrade to a currently
maintained version of MySQL. However, upgrading will not protect you
from SQL injection attacks. The probes you're seeing aren't targeting
the SQL server. They're targeting your php code.