Not the answer you need?
Register and ask your own question!

Security update re CVE-2016-6662

Rob ThomasRob Thomas EntrantInactive User Role Beginner
We've just received an email (from Percona, thanks guys!) alerting us to CVE-2106-6662, and that we should be running 5.6.32-78.0 or higher Being the good peope we are, we immediately went and tried to update our Percona servers..
[root@cluster-db-1 ~]# rpm -qa | grep Perc
[root@cluster-db-1 ~]# yum clean metadata
Loaded plugins: fastestmirror
Cleaning repos: base epel extras percona-release-noarch percona-release-x86_64 sensu updates
21 metadata files removed
14 sqlite files removed
0 metadata files removed
[root@cluster-db-1 ~]# yum update
Loaded plugins: fastestmirror
base                                                                                                                               | 3.6 kB  00:00:00
epel/x86_64/metalink                                                                                                               | 8.8 kB  00:00:00
epel                                                                                                                               | 4.3 kB  00:00:00
extras                                                                                                                             | 3.4 kB  00:00:00
percona-release-noarch                                                                                                             | 2.4 kB  00:00:00
percona-release-x86_64                                                                                                             | 2.5 kB  00:00:00
sensu                                                                                                                              | 2.5 kB  00:00:00
updates                                                                                                                            | 3.4 kB  00:00:00
(1/10): base/7/x86_64/group_gz                                                                                                     | 155 kB  00:00:00
(2/10): epel/x86_64/group_gz                                                                                                       | 170 kB  00:00:00
(3/10): epel/x86_64/updateinfo                                                                                                     | 622 kB  00:00:00
(4/10): percona-release-noarch/7/primary_db                                                                                        |  13 kB  00:00:00
(5/10): percona-release-x86_64/7/x86_64/primary_db                                                                                 | 332 kB  00:00:00
(6/10): extras/7/x86_64/primary_db                                                                                                 | 160 kB  00:00:00
(7/10): sensu/x86_64/primary_db                                                                                                    |  38 kB  00:00:00
(8/10): base/7/x86_64/primary_db                                                                                                   | 5.3 MB  00:00:01
(9/10): epel/x86_64/primary_db                                                                                                     | 4.2 MB  00:00:00
(10/10): updates/7/x86_64/primary_db                                                                                               | 7.1 MB  00:00:01
Loading mirror speeds from cached hostfile
 * base:
 * epel:
 * extras:
 * updates:
No packages marked for update
[root@cluster-db-1 ~]#

Has someone forgotten to move the new RPMs out of testing? 8)


  • pavelkpavelk Entrant Inactive User Role Beginner

    will be this update also available for Percona XtraDB Cluster? We are currently using latest version available 5.5.41. Is there a plan to implenet security fixes and new features also in MySQL product line 5.5?

    Thanks in advance

  • shockwavecsshockwavecs Contributor Inactive User Role Beginner
    the email you received likely states on Percona Server and not XtraDB Cluster. It will come out after they give it a good testing.
  • BarrettBarrett Percona Percona Staff Role
    Hi Pavel and Rob,

    shockwavecs is correct.

    Here is a blog post concerning the CVE-2016-6662 vulnerability:

    The update for Percona XtraDB Cluster is planned, but not yet released.
  • zoezoe Entrant Inactive User Role Beginner
    Hi everyone,

    Excuse me if this is the wrong place to ask this but following the blog post regarding the CVE-2016-6662 vulnerability, we are currently using Percona-XtraDB-Cluster-server-56-5.6.26. After checking for an update i get this output
    Package Arch Version Repository Size
    Percona-XtraDB-Cluster-56-debuginfo x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 37 M
    Percona-XtraDB-Cluster-client-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 5.4 M
    Percona-XtraDB-Cluster-devel-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 2.1 M
    Percona-XtraDB-Cluster-full-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 26 k
    Percona-XtraDB-Cluster-galera-3 x86_64 3.16-1.rhel7 percona-release-x86_64 852 k
    Percona-XtraDB-Cluster-galera-3-debuginfo x86_64 3.16-1.rhel7 percona-release-x86_64 9.7 M
    Percona-XtraDB-Cluster-garbd-3 x86_64 3.16-1.rhel7 percona-release-x86_64 630 k
    Percona-XtraDB-Cluster-server-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 18 M
    Percona-XtraDB-Cluster-shared-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 615 k
    Percona-XtraDB-Cluster-test-56 x86_64 1:5.6.30-25.16.1.el7 percona-release-x86_64 21 M
    Transaction Summary

    Is there a guide for a safe upgrade from 5.6.26 to 5.6.30 or do i even need one? Can you provide advice on how to proceed on updating a production cluster, should i do a rolling upgrade or bring down the whole cluster before doing the update

    Thanks for the time

  • blade106blade106 Contributor Inactive User Role Supporter
    This package is still affected by the CVE bug. So you'll have to upgrade twice. We are waiting for the fixed one (could be 5.6.30 or higher).

    For the upgrade, it's pretty strait forward, but you can check if there is specific changes by looking at the MySQL changelog between 5.6.26 and 5.6.30. Then you just upgrade one node at a time, and do wait for the node to be in sync again. The best way to check this is to
    tail -f /var/log/mysql/mysql.log
    and wait for the line
    WSREP: Shifting JOINED -> SYNCED
    . You also have some tutorials on this very website.
  • blade106blade106 Contributor Inactive User Role Supporter
    It seems that 5.6.30-25.16-2.jessie has just been set to Debian's repository. Thanks!
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.