MySQL Vulnerability CVE-2018-2562 and CVE-2018-2647

Discussion in 'Security' started by Gregory Aman, Jan 23, 2018.

  1. Gregory Aman

    Gregory Aman Registered

    Below are two vulnerabilities that look to have been addressed in MySQL 5.6.39 and MySQL 5.7.21. I know that 5.7 is currently being worked on for the WHM 70 release (or close to it), so I am hoping that 5.6.39 can be implemented quickly. All updates through cPanel, WHM, and the yum command line show 5.6.38 as the latest version available.

    Is there a way to force update on 5.6.38 to 5.6.39?

    Below are the vulnerability details as well as links to the NIST resource page.

    Thanks in advance.

    oracle -- mysql

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

    2018-01-17


    NVD - CVE-2018-2647

    oracle -- mysql

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

    2018-01-17

    NVD - CVE-2018-2647
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Manually updating MySQL to a newer version through YUM is unsupported. Internal case CPANEL-17969 is open for the inclusion of MySQL version 5.6.39. It's currently planned for inclusion with cPanel version 70 and cPanel version 62 (the two LTS versions). MySQL version 5.7.21 is already included with cPanel version 70. cPanel version 70 is tentatively planned for publication to the "Current" build tier this month.

    Thank you.
     
  3. Gregory Aman

    Gregory Aman Registered

    Thanks for the quick reply.
     