Recent security woes in MySQL

For those who don’t know, several security vulnerabilities in MySQL were discovered recently and published to the security mailing lists. Once again, a remote attacker can hit your production systems hard and cause long downtime.

 

List of security issues:

 

As always, we strongly recommend that you:

  • ensure that MySQL does not listen on a public interface that is accessible from the internet
  • limit access to MySQL per host/sub-net
  • remove all test accounts that might be left over from the installation or development process (e.g., test users)
  • upgrade MySQL to the newest unaffected version available
  • REVOKE privileges that are not mandatory (see description of CVE-2012-5613)
  • read dbasquare.com and stay up to date with MySQL security news ;)
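
The checklist above can be turned into a quick audit from the mysql client. The queries below are an added example, not part of the original post; the account names 'app_user'@'10.0.0.5' and 'test'@'localhost' are placeholders, and the FILE check reflects the global privilege that the CVE-2012-5613 description concerns.

```sql
-- Run as an administrative account. The SELECT and SHOW statements only
-- read the grant tables and server variables.

-- Server version, to compare against the fixed releases named in each advisory.
SELECT VERSION();

-- Network exposure. bind_address is only reported by versions that expose it
-- as a system variable; if the result is empty, check bind-address in my.cnf.
SHOW VARIABLES LIKE 'skip_networking';
SHOW VARIABLES LIKE 'bind_address';

-- Accounts allowed to connect from any host or from a wildcard pattern.
-- Each row should be narrowed to a specific host or sub-net.
SELECT User, Host
FROM mysql.user
WHERE LOCATE('%', Host) > 0;

-- Anonymous accounts and accounts whose name suggests a leftover test user.
-- The name match is a heuristic; review the rows before dropping anything.
SELECT User, Host
FROM mysql.user
WHERE User = '' OR User LIKE 'test%';

-- Database-level grants on test databases, which a default installation
-- may leave open to every account.
SELECT User, Host, Db
FROM mysql.db
WHERE Db LIKE 'test%';

-- Accounts holding the global FILE privilege. Anything that is not an
-- administrative account is a candidate for REVOKE.
SELECT User, Host
FROM mysql.user
WHERE File_priv = 'Y';

-- Remediation for rows found above (placeholder account names).
REVOKE FILE ON *.* FROM 'app_user'@'10.0.0.5';
DROP USER 'test'@'localhost';
```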

 

Tomorrow, I will do some testing to see which versions are vulnerable and which are safe. Of course, I will share results here.
