Hi,
I wanted to know if this vulnerability has been fixed (some news reports say MariaDB patched this on the 29th) my system is up to date but I don’t remember seeing MariaDB in the list of updates back then. Can someone confirm to me that this is fixed in EasyEngine’s repository as well?
Sorry for the delayed reply. We use MariaDB deb for EasyEngine and according to their blog post
MariaDB Server 10.1.8 or later from RPM or DEB packages are not affected by the vulnerability
So, you just need to make sure that your MariaDB version is higher than 10.1.8. You can update the package by the command:
apt-get install mariadb-server
or
ee stack upgrade --mysql
Thanks for the advice… For some reason I am unable to upgrade mariaDb and I am stuck on version 10.0.23-MariaDB even though I have tried
apt-get install mariadb-server
and
ee stack upgrade --mysql
and
apt-get update
apt-get upgrade
In addition to rebooting.
Is this an affected version and If so how else could I upgrade the mariadb
Any advice ?
I didnt get any reply but here is hoping that this script helps someone else
sudo apt-get install software-properties-common sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db sudo add-apt-repository ‘deb [arch=amd64,i386,ppc64el] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu trusty main’ sudo apt-get update sudo apt-get install mariadb-server