mysqlsecurityopenvas

MySQL Community Server - Security Patches


I have been running a MySQL Community Server for a couple of years now and a new client has asked for a report from a vulnerability scanner on our network. I am using OpenVAS and the network is fine apart from the server, its returning a high threat stating that a MySQL security patch needs to be applied. I've gone onto the Oracle website and I believe that I require a Support Identifier to apply the patch, so I done some Googling and its basically a subscription from Oracle. As its a small company is there a way to apply this patch for the community edition without the need to fork out a ton of money, or shall I just filter incoming traffic to the mysql port (Its not the actual fix but at least its one)?

Cheers for the help!


Solution

  • A first measure would be closing the MySQL port through a firewall (iptables), or at least restricting it to the machines in the internal network needing direct access to MySQL.

    As for the patch: Maybe there are newer pre-built packages for your OS/distro which already contain the bugfix.