What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-92f04c6b61
2018-05-15 19:59:59.036932
--------------------------------------------------------------------------------Name        : mysql-mmm
Product     : Fedora 26
Version     : 2.2.1
Release     : 20.fc26
URL         : https://mysql-mmm.org
Summary     : Multi-Master Replication Manager for MySQL
Description :
MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts
to perform monitoring/failover and management of MySQL Master-Master
replication configurations (with only one node writable at any time). The
toolset also has the ability to read balance standard master/slave
configurations with any number of slaves, so you can use it to move virtual
IP addresses around a group of servers depending on whether they are behind
in replication. In addition to that, it also has scripts for data backups,
resynchronization between nodes etc.

--------------------------------------------------------------------------------Update Information:

# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection
Vulnerabilities  This update adds data sanitization to inputs for the mmm agent.
Multiple exploitable remote command injection vulnerabilities exist in the MySQL
Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd
commonly runs with root privileges and does not require authentication by
default. A specially crafted MMM protocol message can cause a shell command
injection resulting in arbitrary command execution with the privileges of the
mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd
can trigger these vulnerabilities.  The impact of these vulnerabilities can be
lessened by configuring mmm_agentd to require TLS mutual authentication and by
using network ACLs to prevent hosts other than legitimate mmm_mond hosts from
accessing mmm_agentd.  For example on Linux iptables rules can be used to block
access to the port mmm_agent is listening on from all hosts except the
mmm_monitor.  The configuration of ssl can be used where firewall rules are not
practical. See Socket Documentation https://mysql-mmm.org/mysql-mmm.html#SEC58
Add to mmm_common.conf               type ssl         cert_file
/etc/ssl/certs/www..bundle.crt         key_file
/etc/ssl/certs/www..key         ca_file /etc/ssl/certs/ca-bundle.crt
# or ca-certificates.crt       Now only those with access to the
private key can send commands. Whilst your web server certificate will do the
job, you may consider registering a dedicated certificate just for this task.
NOTE: By now there are a some good alternatives to MySQL-MMM.       Maybe you
want to check out Galera Cluster which is part       of MariaDB Galera Cluster
and Percona XtraDB Cluster.  - https://mysql-mmm.org - https://galeracluster.com/
- https://mariadb.com/kb/en/library/what-is-mariadb-galera-cluster/ ---------------------------------------------------------------------------------ChangeLog:

* Wed May  2 2018 David Beveridge  2.2.1-20
- Patch for mmm_agentd Remote Command Injection Vulnerabilities
- TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481
* Thu Feb  8 2018 Fedora Release Engineering  - 2.2.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 20 2017 Ruben Kerkhof  - 2.2.1-18
- Correct permissions for systemd units (#1527992)
* Wed Jul 26 2017 Fedora Release Engineering  - 2.2.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1575161
        https://bugzilla.redhat.com/show_bug.cgi?id=1575161
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-92f04c6b61' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 26: mysql-mmm Security Update

May 15, 2018
# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent

Summary

MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts

to perform monitoring/failover and management of MySQL Master-Master

replication configurations (with only one node writable at any time). The

toolset also has the ability to read balance standard master/slave

configurations with any number of slaves, so you can use it to move virtual

IP addresses around a group of servers depending on whether they are behind

in replication. In addition to that, it also has scripts for data backups,

resynchronization between nodes etc.

# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection

Vulnerabilities This update adds data sanitization to inputs for the mmm agent.

Multiple exploitable remote command injection vulnerabilities exist in the MySQL

Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd

commonly runs with root privileges and does not require authentication by

default. A specially crafted MMM protocol message can cause a shell command

injection resulting in arbitrary command execution with the privileges of the

mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd

can trigger these vulnerabilities. The impact of these vulnerabilities can be

lessened by configuring mmm_agentd to require TLS mutual authentication and by

using network ACLs to prevent hosts other than legitimate mmm_mond hosts from

accessing mmm_agentd. For example on Linux iptables rules can be used to block

access to the port mmm_agent is listening on from all hosts except the

mmm_monitor. The configuration of ssl can be used where firewall rules are not

practical. See Socket Documentation https://mysql-mmm.org/mysql-mmm.html#SEC58

Add to mmm_common.conf type ssl cert_file

/etc/ssl/certs/www..bundle.crt key_file

/etc/ssl/certs/www..key ca_file /etc/ssl/certs/ca-bundle.crt

# or ca-certificates.crt Now only those with access to the

private key can send commands. Whilst your web server certificate will do the

job, you may consider registering a dedicated certificate just for this task.

NOTE: By now there are a some good alternatives to MySQL-MMM. Maybe you

want to check out Galera Cluster which is part of MariaDB Galera Cluster

and Percona XtraDB Cluster. - https://mysql-mmm.org - https://galeracluster.com/

* Wed May 2 2018 David Beveridge 2.2.1-20

- Patch for mmm_agentd Remote Command Injection Vulnerabilities

- TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481

* Thu Feb 8 2018 Fedora Release Engineering - 2.2.1-19

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Dec 20 2017 Ruben Kerkhof - 2.2.1-18

- Correct permissions for systemd units (#1527992)

* Wed Jul 26 2017 Fedora Release Engineering - 2.2.1-17

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[ 1 ] Bug #1575161

https://bugzilla.redhat.com/show_bug.cgi?id=1575161

su -c 'dnf upgrade --advisory FEDORA-2018-92f04c6b61' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2018-92f04c6b61 2018-05-15 19:59:59.036932 Product : Fedora 26 Version : 2.2.1 Release : 20.fc26 URL : https://mysql-mmm.org Summary : Multi-Master Replication Manager for MySQL Description : MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations (with only one node writable at any time). The toolset also has the ability to read balance standard master/slave configurations with any number of slaves, so you can use it to move virtual IP addresses around a group of servers depending on whether they are behind in replication. In addition to that, it also has scripts for data backups, resynchronization between nodes etc. # Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities. The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd. For example on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor. The configuration of ssl can be used where firewall rules are not practical. See Socket Documentation https://mysql-mmm.org/mysql-mmm.html#SEC58 Add to mmm_common.conf type ssl cert_file /etc/ssl/certs/www..bundle.crt key_file /etc/ssl/certs/www..key ca_file /etc/ssl/certs/ca-bundle.crt # or ca-certificates.crt Now only those with access to the private key can send commands. Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task. NOTE: By now there are a some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster which is part of MariaDB Galera Cluster and Percona XtraDB Cluster. - https://mysql-mmm.org - https://galeracluster.com/ * Wed May 2 2018 David Beveridge 2.2.1-20 - Patch for mmm_agentd Remote Command Injection Vulnerabilities - TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481 * Thu Feb 8 2018 Fedora Release Engineering - 2.2.1-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Dec 20 2017 Ruben Kerkhof - 2.2.1-18 - Correct permissions for systemd units (#1527992) * Wed Jul 26 2017 Fedora Release Engineering - 2.2.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [ 1 ] Bug #1575161 https://bugzilla.redhat.com/show_bug.cgi?id=1575161 su -c 'dnf upgrade --advisory FEDORA-2018-92f04c6b61' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 26
Version : 2.2.1
Release : 20.fc26
URL : https://mysql-mmm.org
Summary : Multi-Master Replication Manager for MySQL

Related News

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

Nov 15, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

Severe Chromium DoS, Info Disclosure Vulns Fixed

Oct 25, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo