mysql-mmm 2.2.2 "slugabed"
Milestone information
- Project:
- mysql-mmm
- Series:
- trunk
- Version:
- 2.2.2
- Code name:
- slugabed
- Released:
- Registrant:
- David Beveridge
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- 2 David Beveridge
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- 2 Fix Released
Download files for this release
Release notes
Multiple exploitable remote command injection vulnerabilities exist
in the MySQL Master-Master Replication Manager (MMM) mmm_agentd
daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not
require authentication by default. A specially crafted MMM protocol
message can cause a shell command injection resulting in arbitrary
command execution with the privileges of the mmm_agentd process. An
attacker that can initiate a TCP session with mmm_agentd can trigger
these vulnerabilities.
Changelog
View the full changelog
0 blueprints and 2 bugs targeted
| Bug report | Importance | Assignee | Status | |||
|---|---|---|---|---|---|---|
| 1736962 | #1736962 | Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities | 3 High | David Beveridge | 10 Fix Released | |
| 1766773 | #1766773 | bug with newer Net::ARP version numbers | 4 Medium | David Beveridge | 10 Fix Released | |
