Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest? PEV -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751
On 01/25/2018 09:58 AM, Paul E. Virgo wrote:> Looks like a series of vulnerability alerts for Oracle MySQL have been > issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, > CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions > 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody > know if this is the case, or do we have to go 'outside' now, and get the > MySQL repository to use, for the latest and greatest? > > PEV >Red Hat no longer uses mysql in EL7 .. it uses mariadb. They will backport any security updates for the mysql in EL6. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20180125/a93078d2/attachment-0001.sig>
Johnny, Thanks. I needed this to present as 'ammo' for not using a 3rd-party MySQL repo to address these security issues. PEV On 01/25/2018 11:03 AM, Johnny Hughes wrote:> On 01/25/2018 09:58 AM, Paul E. Virgo wrote: >> Looks like a series of vulnerability alerts for Oracle MySQL have been >> issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, >> CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions >> 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody >> know if this is the case, or do we have to go 'outside' now, and get the >> MySQL repository to use, for the latest and greatest? >> >> PEV >> > Red Hat no longer uses mysql in EL7 .. it uses mariadb. > > They will backport any security updates for the mysql in EL6. >-- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751
Possibly Parallel Threads
- Latest CVE's For MySQL
- [EXTERNAL] Re: Install of CentOS 7.6 On Dell PowerEdge R830 Hangs
- Install of CentOS 7.6 On Dell PowerEdge R830 Hangs
- 'gnome-daemon-settings' Doesn't Start When Attempting To Make Changes
- Centos 7.5..and My GDM Greeter/GDM Don't Work Anymore