• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Security vulnerability in MySQL/MariaDB

p4guru

Well-known member
#2
All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.
MariaDB 5.2.12 and MySQL 5.5.24 here :)

but thanks for heads up :)
 

mlx

Well-known member
#3
Here's a more detailed post about which versions and distros seem to be affected: https://community.rapid7.com/commun...2-a-tragically-comedic-security-flaw-in-mysql

So far, the following systems have been confirmed as vulnerable:
  • Ubuntu Linux 64-bit ( 10.04, 10.10, 11.04, 11.10, 12.04 ) ( via many including @michealc )
  • OpenSuSE 12.1 64-bit MySQL 5.5.23-log ( via @michealc )
  • Fedora 16 64-bit ( via hexed )
  • Arch Linux (unspecified version)
Feedback so far indicates the following platforms are NOT vulnerable:
  • Official builds from MySQL and MariaDB (including Windows)
  • Red Hat Enterprise Linux, CentOS (32-bit and 64-bit) [ not conclusive ]
  • Ubuntu Linux 32-bit (10.04, 11.10, 12.04, likely all)
  • Debian Linux 6.0.3 64-bit (Version 14.14 Distrib 5.5.18)
  • Debian Linux lenny 32-bit 5.0.51a-24+lenny5 ( via @matthewbloch )
  • Debian Linux lenny 64-bit 5.0.51a-24+lenny5 ( via @matthewbloch )
  • Debian Linux lenny 64-bit 5.1.51-1-log( via @matthewbloch )
  • Debian Linux squeeze 64-bit 5.1.49-3-log ( via @matthewbloch )
  • Debian Linux squeeze 32-bit 5.1.61-0+squeeze1 ( via @matthewbloch )
  • Debian Linux squeeze 64-bit 5.1.61-0+squeeze1 ( via @matthewbloch )
  • Gentoo 64-bit 5.1.62-r1 ( via @twit4c )
  • SuSE 9.3 i586 MySQL 4.1.10a ( via @twit4c )
 

mlx

Well-known member
#7

p4guru

Well-known member
#8
Yeah just update to latest versions.

FYI, cpanel/whm has stated no problems with any of their MySQL versions even <5.1.63.
 

Adam Howard

Well-known member
#9
How do I upgrade my mySQL to the latest stable version on ubuntu 64b?
Assuming you're not using a control panel.....

The following should help

Back up any customized config files 1st

Code:
apt-get install aptitude
Code:
aptitude update
Code:
aptitude full-upgrade
You should be all set.