Fifteen medium-priority vulnerabilities have been found in the Server and Client components of the Oracle MySQL platform. The vulnerabilities have been assigned the CVE identifiers CVE-2018-2767, CVE-2018-3054, CVE-2018-3056, CVE-2018-3058, CVE-2018-3060, CVE-2018-3061, CVE-2018-3062, CVE-2018-3063, CVE-2018-3064, CVE-2018-3065, CVE-2018-3066, CVE-2018-3070, CVE-2018-3071, CVE-2018-3077 and CVE-2018-3081. Exploitation of these vulnerabilities requires that the attacker obtain network access via multiple protocols to compromise the MySQL server.
As per the advisories posted on the Ubuntu website, package updates have been released for the respective Ubuntu versions to resolve the threats posed by these vulnerabilities. The update mysql-server-5.7–184.108.40.206-0ubuntu0.18.04.1 is for Ubuntu 18.04 LTS and mysql-server-5.7–220.127.116.11-0ubuntu0.16.04.1 is for Ubuntu 16.04 LTS. The updates for Ubuntu 14.04 LTS and Ubuntu 12.04 ESM are mysql-server-5.5–5.5.61-0ubuntu0.14.04.1 and mysql-server-5.5–5.5.61-0ubuntu0.12.04.1, respectively. These updates are available on the website to download and install directly.
On a desktop, you can also open the Update Manager and check the pending updates under the settings tab. Clicking on the updates and proceeding to install will apply the patches. On a server with the update-notifier-common package, you can check for updates with the following commands: “sudo apt-get update” and “sudo apt-get dist-upgrade”. Granting permission to proceed with the updates lets them install directly.
Submitted by: Arnfried Walbrecht