Various MySQL Security Updates from January 2020
23941
13 October 2020
13 October 2020
CLOSED
MEDIUM
Severity
Medium
Vendor
VMware Tanzu
Description
Various products in VMware Tanzu contain several vulnerabilities through their consumption of MySQL.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- MySQL for VMware Tanzu
- 2.7 versions prior to 2.7.9
- 2.8 versions prior to 2.8.2
- VMware Tanzu Application Service for VMs
- 2.7.x versions prior to 2.7.21
- 2.8.x versions prior to 2.8.15
- 2.9.x versions prior to 2.9.9
- 2.10.x versions prior to 2.10.1
- VMware Tanzu Kubernetes Grid Integrated Edition
- 1.7 versions prior to 1.7.2
- All 1.8 versions (patch pending)
Mitigation
- MySQL for VMware Tanzu
- 2.7.9
- 2.8.2
- 2.9.0
- VMware Tanzu Application Service for VMs
- 2.7.21
- 2.8.15
- 2.9.9
- 2.10.1
- VMware Tanzu Kubernetes Grid Integrated Edition
- 1.7.2
- 1.9.0
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.cloudfoundry.org/blog/mysql-security-updates-jan2020/
History
2020-10-13: Initial vulnerability report published.