MySQL Vulnerability patch requests for DX NetOps Performance Management

book

Article ID: 225067

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

We have requirements to patch the following MyQSL vulnerabilities. Can you please confirm if any of these patches (and/or resolution of these QIDs) would break the normal operation of MySQL or PM in general?

QID 20221: Refer to vendor advisory Oracle MySQL April 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)
QID 20203: Refer to vendor advisory Oracle MySQL April 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021) Oracle MySQL January 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MySQL CPJAN2021
QID 20225: Refer to vendor advisory Oracle MySQL April 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021) Oracle MySQL January 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MySQL CPJAN2021 Oracle MySQL April 2021
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Oracle MySQL April 2021 Critical Patch Update (CPUJUL2021)

Environment

All supported DX NetOps Performance Management releases r21.2.4 and earlier (subject to change)

Resolution

Patching of MySql used by the DX NetOps Performance Management systems outside of a product upgrade is not supported.

Four of the issues reported are fixed in CPUAPR2021. One is fixed in CPUJUL2021.

More information about each is available at these URLs.

  • https://www.oracle.com/security-alerts/cpuapr2021.html]

The highest affected versions are MySql Cluster 8.0.23 and MySql Server 5.7.33

  • https://www.oracle.com/security-alerts/cpujul2021.html

The highest affected versions are MySql Cluster 8.0.25 and MySql Server 5.7.34

As of 21.2.x, including the latest 21.2.3 release, we're using MySql Server version 5.7.32.

Additional Information

When are we planning an update to 5.7.34 or newer?

The next release that will have an upgrade to MySql is scheduled to be the one coming out end of 2021, or January 2022. That is of course subject to change.

What release will we upgrade to at that time?

We'll utilize whatever the latest/greatest stable supported version of MySql Server available at the time is.