Question

How does one fix this MySQL zero day vulnerability on Ubuntu 14.04?

It seems there’s a nasty MySQL zero day flaw that needs to be fixed on all servers running MySQL 5.7.13 and below, including MariaDB and PerconaDB: http://seclists.org/oss-sec/2016/q3/481

Does anyone know how to apply the patch to fix this vulnerability ? A quick D.O tutorial would be pretty handy.

Subscribe
Share

Ok, just noticed that no official patches are available until end of October and the solution until then is to ensure that “no mysql config files are owned by mysql user”.

See Section IX of this page


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

It appears that this vulnerability requires the attacker to already have a valid MySQL user account on your server before they can escalate privileges.

While concerning this should not provide a new attack vector unless you are running a shared hosting environment for other users. I would recommend ensuring you have updates running automatically so when an updated version is released your copy of MySQL will be updated automatically.