Various MySQL Security Updates from July 2019
Severity
Medium
Vendor
VMware Tanzu
Description
Various products in VMware Tanzu contain several vulnerabilities through their consumption of MySQL.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
-
MySQL for VMware Tanzu
- 2.5 versions prior to 2.5.9
- 2.6 versions prior to 2.6.5
- 2.7 versions prior to 2.7.4
-
VMware Tanzu Kubernetes Grid Integrated Edition
- 1.5 versions prior to 1.5.2
- 1.6 versions prior to 1.6.2
-
VMware Tanzu Application Service for VMs
- 2.6.x versions prior to 2.6.13
- 2.7.x versions prior to 2.7.7
- 2.8.x versions prior to 2.8.1
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
-
MySQL for VMware Tanzu
- 2.5.9
- 2.6.5
- 2.7.4
- 2.8.0
-
VMware Tanzu Kubernetes Grid Integrated Edition
- 1.5.2
- 1.6.2
- 1.7.0
- 1.8.0
-
VMware Tanzu Application Service for VMs
- 2.6.13
- 2.7.7
- 2.8.1
- 2.9.0
References
- https://www.oracle.com/security-alerts/cpujul2019.html
- https://www.cloudfoundry.org/blog/mysql-security-updates-jul2019/
History
2020-07-30: Initial vulnerability report published.