Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest?
PEV
On 01/25/2018 09:58 AM, Paul E. Virgo wrote:
Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest?
PEV
Red Hat no longer uses mysql in EL7 .. it uses mariadb.
They will backport any security updates for the mysql in EL6.
Johnny,
Thanks. I needed this to present as 'ammo' for not using a 3rd-party MySQL repo to address these security issues.
PEV
On 01/25/2018 11:03 AM, Johnny Hughes wrote:
On 01/25/2018 09:58 AM, Paul E. Virgo wrote:
Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest?
PEV
Red Hat no longer uses mysql in EL7 .. it uses mariadb.
They will backport any security updates for the mysql in EL6.