
Vulnerable Oracle MySQL: security alert! Many IT vulnerabilities have been reported

by admin

A security alert issued for Oracle MySQL has received an update from the BSI. You can find out what affected users can do here.

The Federal Office for Information Security (BSI) published an update on May 16, 2024 to the security vulnerability in Oracle MySQL that was identified on April 16, 2024. The vulnerability affects the Linux, UNIX and Windows operating systems and the products Oracle MySQL, Red Hat Enterprise Linux and MariaDB.

The latest vendor recommendations on updates, workarounds and security patches for this vulnerability can be found here: MariaDB 11.2.4 Release Notes (as of May 17, 2024). Further useful sources are listed later in this article.

Multiple vulnerabilities in Oracle MySQL – Risk: moderate

Risk level: 3 (moderate)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities based on various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used for the severity levels of a vulnerability. The Base Score evaluates the prerequisites for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account conditions that may change over time. The severity of the vulnerability discussed here is classified as "moderate" according to the CVSS, with a base score of 7.5.

Oracle MySQL Bug: Description of the attack

MySQL is an open source database server from Oracle.

An attacker can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

The vulnerabilities are classified in the CVE (Common Vulnerabilities and Exposures) system under the individual serial numbers CVE-2023-44487, CVE-2023-6129, CVE-2024-0853, CVE-2024-20993, CVE-2024-20994, CVE-2024-20998, CVE-2024-2102002, CVE-2024-202002, 4 2024-21009, CVE-2024-21013, CVE-2024-21015, CVE-2024-21047, CVE-2024-21049, CVE-2024-21050, CVE-2024-21020512, CVE-2105052, CVE-2024-2050 12 21053, CVE-2024-21054, CVE-2024-21055, CVE-2024-21056, CVE-2024-21057, CVE-2024-21060, CVE-2024-21061, CVE-2024-2024, CVE-2024-21060 -2024-21087, CVE-2024-21090, CVE-2024-21096, CVE-2024-21101 and CVE-2024-21102.

Systems affected by the security vulnerability at a glance

Operating systems
Linux, UNIX, Windows

Products
Oracle MySQL, Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux), MariaDB

General recommendations for addressing IT security vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or workaround guidance.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you’ll find further links with information about bug reports, security fixes and workarounds.

MariaDB 11.2.4 Release Notes from 2024-05-17 (16.05.2024)
For more information, see:

MariaDB 10.6.18 Release Notes from 2024-05-17 (16.05.2024)
For more information, see:

MariaDB 10.5.25 Release Notes from 2024-05-17 (16.05.2024)
For more information, see:

MariaDB 10.11.8 Release Notes from 2024-05-17 (16.05.2024)
For more information, see:

Red Hat Security Advisory RHSA-2024:2619 from 2024-04-30 (01.05.2024)
For more information, see:

Oracle Critical Patch Update Advisory – April 2024 – Appendix Oracle MySQL from 2024-04-16 (16.04.2024)
For more information, see:

Version history of this security alert

This is version 3 of this IT security notice for Oracle MySQL. This document will be updated as further updates are announced. You can see the changes made in the version history below.

April 16, 2024 – First version
May 1, 2024 – New updates from Red Hat added
May 16, 2024 – New updates added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++
