-1

I have been running a MySQL Community Server for a couple of years now and a new client has asked for a report from a vulnerability scanner on our network. I am using OpenVAS and the network is fine apart from the server; it's returning a high threat stating that a MySQL security patch needs to be applied. I've gone onto the Oracle website and I believe that I require a Support Identifier to apply the patch, so I did some Googling and it's basically a subscription from Oracle. As it's a small company, is there a way to apply this patch for the community edition without the need to fork out a ton of money, or shall I just filter incoming traffic to the MySQL port (it's not the actual fix, but at least it's one)?

Cheers for the help!

RJK
  • A first measure would be closing the MySQL port through a firewall (iptables), or at least restricting it to the machines in the internal network needing direct access to MySQL. As for the patch: Maybe there are newer pre-built packages for your OS/distro which already contain the bugfix. – lxg Sep 12 '14 at 22:12
  • Cheers @lxg I'll re-download the community edition in hope that it contains the bug fix, I will re-run the vulnerability scan and get back to you. – RJK Sep 12 '14 at 22:15
  • @lxg I re-ran the vulnerability scan and it hasn't picked up the MySQL high threat, so I assume re-downloading the community server fixed the problem. Cheers for the help. – RJK Sep 13 '14 at 13:56
  • I posted my suggestion as answer, so people see it as resolved … ah, while I'm writing this, you've already accepted. Thanks! :) – lxg Sep 13 '14 at 13:58

1 Answer

0

A first measure would be closing the MySQL port through a firewall (iptables), or at least restricting it to the machines in the internal network needing direct access to MySQL.

As for the patch: Maybe there are newer pre-built packages for your OS/distro which already contain the bugfix.

lxg
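
The firewall restriction suggested in the answer, sketched as an added example (not code from the original post): a script that prints iptables commands limiting inbound TCP 3306 to an allow-list. The chain name `MYSQL_IN` and the sample addresses are assumptions, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original answer): build iptables rules that limit
# inbound MySQL (TCP 3306) to an allow-list. Commands are printed, not executed.
MYSQL_PORT=3306
CHAIN=MYSQL_IN   # hypothetical chain name; a dedicated chain keeps re-runs idempotent

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set for the given sources. With no sources, only loopback
# traffic is accepted, i.e. the port is closed to every remote machine.
mysql_fw_rules() {
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"   # must stay last: rules match in order
    hook="INPUT -p tcp --dport $MYSQL_PORT -j $CHAIN"
    echo "iptables -C $hook 2>/dev/null || iptables -I $hook"
}

# Constructed sample: an internal subnet and one application host.
if [ $# -gt 0 ]; then mysql_fw_rules "$@"; else mysql_fw_rules 192.168.1.0/24 10.0.0.5; fi
```

Review the printed commands, then pipe them to `sh` as root to apply them; re-running the vulnerability scan from outside the allow-list should then show the port as filtered.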