Various MySQL Security Updates from April 2020
Severity
Critical
Vendor
VMware Tanzu
Description
Various products in VMware Tanzu contain several vulnerabilities through their consumption of MySQL.
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- MySQL for VMware Tanzu
  - 2.7 versions prior to 2.7.9
  - 2.8 versions prior to 2.8.2
- VMware Tanzu Application Service for VMs
  - 2.7.x versions prior to 2.7.21
  - 2.8.x versions prior to 2.8.15
  - 2.9.x versions prior to 2.9.9
  - 2.10.x versions prior to 2.10.1
- VMware Tanzu Kubernetes Grid Integrated Edition
  - 1.7 versions prior to 1.7.2
  - All 1.8 versions (patch pending)
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that fix these issues include:
- MySQL for VMware Tanzu
  - 2.7.9
  - 2.8.2
  - 2.9.0
- VMware Tanzu Application Service for VMs
  - 2.7.21
  - 2.8.15
  - 2.9.9
  - 2.10.1
- VMware Tanzu Kubernetes Grid Integrated Edition
  - 1.7.2
  - 1.9.0
References
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
- https://www.cloudfoundry.org/blog/mysql-security-updates-apr2020/
History
2020-10-13: Initial vulnerability report published.