This bug was fixed in the package mysql-8.0 - 8.0.22-0ubuntu0.20.04.3
---
mysql-8.0 (8.0.22-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: restrict open mysqlx port (LP: #1857584)
- debian/additions/mysql.conf.d/mysqld.cnf: bind mysqlx port to
** Changed in: mysql-8.0 (Ubuntu Focal)
Status: Incomplete => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857584
Title:
MySQL X protocol port 33060 listening on network by
** Tags removed: server-next server-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1857584
Title:
MySQL X protocol port 33060 listening on network by default
I don't think having the port open by default is acceptable. It was
clearly an oversight when the new MySQL version was prepared, and I
suspect a lot of users are now running an open port without knowing
about it.
While publishing out an update that closes the port may break certain
** Tags added: server-triage-discuss
--
I'll sum up my view on this (which I had hoped, would be yours, too):
So far, in Ubuntu, mysqld always listened on port 3306 only, and only on
the loopback interface by default. 20.04 introduced a mysql server
version which introduces the MySQL X protocol. The expectation a mysql
server
To reiterate Robie's point, for 20.04 this would be a behavioral change,
and while it is almost surely appropriate to do, in order to get it
accepted by the SRU process there needs to be a strong justification of
what the trouble is if it is left as-is.
From the description it sounds like the
mysql-8.0 is available only in focal, groovy, and hirsute.
Checking each release's mysqld.cnf for the fix:
* focal: Missing
* groovy: Has it
* hirsute: Has it
** Also affects: mysql-8.0 (Ubuntu Hirsute)
Importance: Undecided
Status: Confirmed
** Also affects: mysql-8.0
Note that if you care, the workaround to close the port in a
configuration file is trivial. What remains is the trade-off in
regressing users in stable releases versus a more sensible default.
--
It is addressed properly. This was fixed in
https://salsa.debian.org/mariadb-team/mysql/-/commit/94e3a663b235d7720f7e98d9f34af27aace166ef
What Ubuntu releases (if any yet) include this change needs checking. If
this needs fixing in a stable Ubuntu release, then this needs separate
justification
** Tags added: server-next
--
This is a security issue, why don't you address it properly?
In addition, the fix is just simple.
--
bind-address and mysqlx-bind-address both default to *, but the config
file (/etc/mysql/mysql.conf.d/mysqld.cnf) sets bind-address to
127.0.0.1, so I think we just need to do the same for
mysqlx-bind-address, as mentioned above.
--
** Information type changed from Public to Public Security
--
A workaround is to add the following to one of the mysql config files,
e.g., /etc/mysql/mysql.cnf:
[mysqld]
mysqlx_bind_address = 127.0.0.1
--
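An added example, not part of the original thread or of the Ubuntu packaging: a Python check that reads MySQL option-file text and reports which of the two listeners discussed above (3306 and 33060) would bind beyond loopback. The function names and sample config strings are constructed for illustration; it assumes the `*` defaults stated in the thread, reads only the [mysqld] group, and does not follow `!includedir`.

```python
import ipaddress

# Defaults when an option is absent, as stated in the thread: both are "*".
DEFAULTS = {"bind_address": "*", "mysqlx_bind_address": "*"}
PORTS = {"bind_address": 3306, "mysqlx_bind_address": 33060}

def effective_binds(cnf_text):
    """Effective bind addresses from the [mysqld] group of option-file text.
    Assumption of this example: !include/!includedir lines are skipped,
    so pass the concatenated contents of all config files."""
    binds = dict(DEFAULTS)
    group = None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group != "mysqld" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # MySQL accepts '-' and '_' interchangeably in option names.
        name = name.strip().lower().replace("-", "_")
        if name in binds:  # a later assignment overrides an earlier one
            binds[name] = value.split("#", 1)[0].strip().strip("'\"")
    return binds

def is_loopback_only(value):
    """True only if every listed address is a literal loopback IP.
    '*', hostnames and empty values are conservatively treated as exposed."""
    for addr in value.split(","):
        try:
            if not ipaddress.ip_address(addr.strip()).is_loopback:
                return False
        except ValueError:
            return False
    return True

def exposed_listeners(cnf_text):
    """List of (option, address, port) for listeners not limited to loopback."""
    return [(name, addr, PORTS[name])
            for name, addr in effective_binds(cnf_text).items()
            if not is_loopback_only(addr)]

# Constructed samples: config with only bind-address set, then with the workaround.
BEFORE = "[mysqld]\nbind-address = 127.0.0.1\n"
AFTER = BEFORE + "mysqlx_bind_address = 127.0.0.1\n"

if __name__ == "__main__":
    print("before:", exposed_listeners(BEFORE))
    print("after: ", exposed_listeners(AFTER))
```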
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mysql-8.0 (Ubuntu)
Status: New => Confirmed