Various MySQL Security Updates from July 2018 through January 2019
Severity
Low
Vendor
Pivotal Cloud Foundry
Description
Various products in Pivotal Cloud Foundry contain several vulnerabilities through their consumption of MySQL.
Affected VMware Products and Versions
Severity is low unless otherwise noted.
- Percona Xtradb Cluster release versions prior to 0.14.3
- Pivotal Application Service 2.5.x versions prior to 2.5.4
- Pivotal Application Service 2.4.x versions prior to 2.4.8
- Pivotal Application Service 2.3.x versions prior to 2.3.12
- PCF Healthwatch 1.5.x versions prior to 1.5.4
- PCF Healthwatch 1.4.6 version prior to 1.4.6
- MySQL for PCF versions 2.5.x versions prior to 2.5.4
- MySQL for PCF versions 2.4.x versions prior to 2.4.4
- MySQL for PCF versions 2.3.x versions prior to 2.3.4
- PCF Metrics versions prior to 1.6.1
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Percona Xtradb Cluster release: 0.14.3
- Pivotal Application Service: 2.3.12, 2.4.8, 2.5.4
- PCF Healthwatch: 1.4.6, 1.5.4
- MySQL for PCF: 2.3.4, 2.4.4, 2.5.4
- PCF Metrics: 1.6.1
References
- https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
History
2019-07-22: Initial vulnerability report published