Mysql 5.6.35 April 2017 Security Patch PCI Scan Failing

kjavitz

• May 02, 2017 11:44

Hi, My PCI security scan is failing because whm/cpanel does not seem to have patched with the April 2017 patch yet. I tried to have my server admin do it but he said it would not work and I had to switch to Maria DB. Does WHM/Cpanel have plans to auto-patch or apply the patch somehow via updates? Info from the scan: Vendor Reference: MySQL CPU April 2017 Bugtraq ID: Date updated: 19/04/2017 03:36 Threat: This Critical Patch Update contains 25 new security fixes for Oracle MySQL. Affected Versions: MySQL Server, versions 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior Impact: Successful exploitation could allow an attacker to affect the confidentiality, integrity and availability of data on the target system. Solution: Refer to vendor advisory Oracle MySQL April 2017. Patch: Following are links for downloading patches to fix the vulnerabilities: Oracle MySQL April 2017 Result: Vulnerable MySQL server detected: 5.6.35-log

• 

  cPanelMichael

  • May 02, 2017 19:50

  Hello, Internal case CPANEL-12532 will ensure MySQL 5.6 is updated to version 5.6.35. I don't have a time frame to offer on when it will be released to a production build tier, but you can monitor the change logs for the case number: Change Logs - Change Logs - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.