Many MySQL Vulnerabilities [lowest priority]

Eliter · April 30, 2019, 12:56am

In the event that you are running an experimental version of Mail-in-a-Box, there are many vulnerabilities discovered with mysql-5.7 . However, Mail-in-a-Box does not officially use MySQL in any of our stuff.

This is not even a concern to everyone else. If you have not either: (a) installed extra packages on your machine; or (b) edited the source code of Mail-in-a-Box to install MySQL, you have nothing to be concerned about.

https://usn.ubuntu.com/3957-1/

CVE-2019-2566, CVE-2019-2581, CVE-2019-2592, CVE-2019-2614, CVE-2019-2627, CVE-2019-2628, CVE-2019-2632, CVE-2019-2683
Priority: Medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)

alento · April 30, 2019, 1:09am

So, I am slightly curious why we are talking about security vulnerabilities of uninstalled, unsupported packages here.

Eliter · April 30, 2019, 2:15am

@alento, because there has been talk about using MySQL, and questioning if SQLlite was a good choice. I mean, MySQL is very useful for anything that has (or could have) many data points stored/pulled.

Hence, it is under the “Unsupported Modifications” section.