MySQL Vulnerability CVE-2018-2562 and CVE-2018-2647

Gregory Aman

Below are two vulnerabilities that look to have been addressed in MySQL 5.6.39 and MySQL 5.7.21. I know that 5.7 is currently being worked on for the WHM 70 release (or close to it), so I am hoping that 5.6.39 can be implemented quickly. All updates through cPanel, WHM, and the yum command line show 5.6.38 as the latest version available.

Is there a way to force an update from 5.6.38 to 5.6.39?

Below are the vulnerability details as well as links to the NIST resource page.

Thanks in advance.

oracle -- mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

2018-01-17


NVD - CVE-2018-2647

oracle -- mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

2018-01-17

NVD - CVE-2018-2647
 

cPanelMichael

Administrator
Staff member
Hello,

Manually updating MySQL to a newer version through YUM is unsupported. Internal case CPANEL-17969 is open for the inclusion of MySQL version 5.6.39. It's currently planned for inclusion with cPanel version 70 and cPanel version 62 (the two LTS versions). MySQL version 5.7.21 is already included with cPanel version 70. cPanel version 70 is tentatively planned for publication to the "Current" build tier this month.

Thank you.
 

Gregory Aman

Thanks for the quick reply.