- Plesk for Windows
Multiple vulnerabilities have been discovered in Oracle MySQL Server (see the Oracle MySQL Risk Matrix).
- Admin's MySQL:
- MySQL Server 5.7.21 with Plesk 17.8.
- MySQL Server 5.5.57 with Plesk 17.5.
- MySQL Server 5.5.52 with Plesk 17.0.
- Clients' MySQL:
- MySQL Server 5.7.21 or MySQL Server 5.6.39 with Plesk 17.8.
- MySQL Server 5.6.36 with Plesk 17.5.
- MySQL Server 5.6.33 with Plesk 17.0.
If a vulnerability is successfully exploited, it can result in unauthorized access to MySQL Server data; unauthorized update, insert or delete access to some of the MySQL Server accessible data; and the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.
Note: This only affects Windows operating systems as Plesk uses
Call to action
- Plesk 17.0 MU #64: MySQL Server 5.6.33 has been updated to 5.6.43.
- Plesk 17.5 MU #67: MySQL Server 5.6.36 has been updated to 5.6.43.
- Plesk 17.8 Update #41: MySQL Server 5.7.21 has been updated to 5.7.25, and MySQL Server 5.6.39 has been updated to 5.6.43.
As for Oracle MySQL Server 5.1 and 5.5, there is no information in the Oracle Critical Patch Update Advisory from January 2019.
It is recommended:
- For Plesk 17.5 and 17.0 users: upgrade to Plesk 17.8.
- Stop using and uninstall the "MySQL Server 5.1" component.