mlx Well-known member Jun 11, 2012 #1 Hacking MySQL the easy way on Ubuntu: http://pastie.org/private/903voijkkz8nmde3yqj4rw Advisory: http://seclists.org/oss-sec/2012/q2/493
Hacking MySQL the easy way on Ubuntu: http://pastie.org/private/903voijkkz8nmde3yqj4rw Advisory: http://seclists.org/oss-sec/2012/q2/493
p4guru Well-known member Jun 11, 2012 #2 All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not. Click to expand... MariaDB 5.2.12 and MySQL 5.5.24 here but thanks for heads up
All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not. Click to expand... MariaDB 5.2.12 and MySQL 5.5.24 here but thanks for heads up
mlx Well-known member Jun 11, 2012 #3 Here's a more detailed post about which versions and distros seem to be affected: https://community.rapid7.com/commun...2-a-tragically-comedic-security-flaw-in-mysql So far, the following systems have been confirmed as vulnerable: Ubuntu Linux 64-bit ( 10.04, 10.10, 11.04, 11.10, 12.04 ) ( via many including @michealc ) OpenSuSE 12.1 64-bit MySQL 5.5.23-log ( via @michealc ) Fedora 16 64-bit ( via hexed ) Arch Linux (unspecified version) Feedback so far indicates the following platforms are NOT vulnerable: Official builds from MySQL and MariaDB (including Windows) Red Hat Enterprise Linux, CentOS (32-bit and 64-bit) [ not conclusive ] Ubuntu Linux 32-bit (10.04, 11.10, 12.04, likely all) Debian Linux 6.0.3 64-bit (Version 14.14 Distrib 5.5.18) Debian Linux lenny 32-bit 5.0.51a-24+lenny5 ( via @matthewbloch ) Debian Linux lenny 64-bit 5.0.51a-24+lenny5 ( via @matthewbloch ) Debian Linux lenny 64-bit 5.1.51-1-log( via @matthewbloch ) Debian Linux squeeze 64-bit 5.1.49-3-log ( via @matthewbloch ) Debian Linux squeeze 32-bit 5.1.61-0+squeeze1 ( via @matthewbloch ) Debian Linux squeeze 64-bit 5.1.61-0+squeeze1 ( via @matthewbloch ) Gentoo 64-bit 5.1.62-r1 ( via @twit4c ) SuSE 9.3 i586 MySQL 4.1.10a ( via @twit4c ) Click to expand...
Here's a more detailed post about which versions and distros seem to be affected: https://community.rapid7.com/commun...2-a-tragically-comedic-security-flaw-in-mysql So far, the following systems have been confirmed as vulnerable: Ubuntu Linux 64-bit ( 10.04, 10.10, 11.04, 11.10, 12.04 ) ( via many including @michealc ) OpenSuSE 12.1 64-bit MySQL 5.5.23-log ( via @michealc ) Fedora 16 64-bit ( via hexed ) Arch Linux (unspecified version) Feedback so far indicates the following platforms are NOT vulnerable: Official builds from MySQL and MariaDB (including Windows) Red Hat Enterprise Linux, CentOS (32-bit and 64-bit) [ not conclusive ] Ubuntu Linux 32-bit (10.04, 11.10, 12.04, likely all) Debian Linux 6.0.3 64-bit (Version 14.14 Distrib 5.5.18) Debian Linux lenny 32-bit 5.0.51a-24+lenny5 ( via @matthewbloch ) Debian Linux lenny 64-bit 5.0.51a-24+lenny5 ( via @matthewbloch ) Debian Linux lenny 64-bit 5.1.51-1-log( via @matthewbloch ) Debian Linux squeeze 64-bit 5.1.49-3-log ( via @matthewbloch ) Debian Linux squeeze 32-bit 5.1.61-0+squeeze1 ( via @matthewbloch ) Debian Linux squeeze 64-bit 5.1.61-0+squeeze1 ( via @matthewbloch ) Gentoo 64-bit 5.1.62-r1 ( via @twit4c ) SuSE 9.3 i586 MySQL 4.1.10a ( via @twit4c ) Click to expand...
A Andy.N Well-known member Jun 11, 2012 #4 How do I upgrade my mySQL to the latest stable version on ubuntu 64b?
Luke F Well-known member Jun 11, 2012 #5 Arch Linux (unspecified version) Click to expand... Would have to have not updated at all for ~2 months I like how they claim Gentoo isn't vulnerable but Arch is...
Arch Linux (unspecified version) Click to expand... Would have to have not updated at all for ~2 months I like how they claim Gentoo isn't vulnerable but Arch is...
MattW Well-known member Jun 12, 2012 #6 Not impacting Percona either: http://www.mysqlperformanceblog.com.../0ER3fOvrPUfGjI4ATstnI/qLAzICFpZo2FFIH/KWc45B
Not impacting Percona either: http://www.mysqlperformanceblog.com.../0ER3fOvrPUfGjI4ATstnI/qLAzICFpZo2FFIH/KWc45B
mlx Well-known member Jun 12, 2012 #7 MattW said: Not impacting Percona either: http://www.mysqlperformanceblog.com/2012/06/11/on-security-vulnerability-in-percona-server-xtradb-cluster/?mkt_tok=3RkMMJWWfF9wsRokuqXKZKXonjHpfsX57+0rWK+0lMI/0ER3fOvrPUfGjI4ATstnI/qLAzICFpZo2FFIH/KWc45B Click to expand... Not impacting Percona binaries. The issue did exist in their source code and possibly third-party binaries as well. So in any case, people might wanna upgrade to the latest version.
MattW said: Not impacting Percona either: http://www.mysqlperformanceblog.com/2012/06/11/on-security-vulnerability-in-percona-server-xtradb-cluster/?mkt_tok=3RkMMJWWfF9wsRokuqXKZKXonjHpfsX57+0rWK+0lMI/0ER3fOvrPUfGjI4ATstnI/qLAzICFpZo2FFIH/KWc45B Click to expand... Not impacting Percona binaries. The issue did exist in their source code and possibly third-party binaries as well. So in any case, people might wanna upgrade to the latest version.
p4guru Well-known member Jun 13, 2012 #8 Yeah just update to latest versions. FYI, cpanel/whm has stated no problems with any of their MySQL versions even <5.1.63.
Yeah just update to latest versions. FYI, cpanel/whm has stated no problems with any of their MySQL versions even <5.1.63.
Adam Howard Well-known member Jun 18, 2012 #9 Andy.N said: How do I upgrade my mySQL to the latest stable version on ubuntu 64b? Click to expand... Assuming you're not using a control panel..... The following should help Back up any customized config files 1st Code: apt-get install aptitude Code: aptitude update Code: aptitude full-upgrade You should be all set.
Andy.N said: How do I upgrade my mySQL to the latest stable version on ubuntu 64b? Click to expand... Assuming you're not using a control panel..... The following should help Back up any customized config files 1st Code: apt-get install aptitude Code: aptitude update Code: aptitude full-upgrade You should be all set.