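MySQL vulnerability remediation: a step-by-step guide to upgrading to 5.7.42/5.7.43
I. Background
A security vulnerability scan reported a large number of MySQL vulnerabilities. MySQL is used only on the internal network here, and the installed versions are indeed somewhat old, so we decided to upgrade. After analysing the reported vulnerabilities, the only option is to upgrade to the latest releases, 5.7.42 and 8.0.33. On-site environment: MySQL 5.7.28, 5.7.20 and mysql:8.0.21.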
CVE ID | Description |
---|---|
CVE-2023-21912 | Security vulnerability in the Server: Security: Privileges component of MySQL 5.7.41 and earlier and 8.0.30 and earlier |
CVE-2022-37434 | Security vulnerability in the Server: InnoDB (zlib) component of MySQL 5.7.41 and earlier and 8.0.31 and earlier |
CVE-2022-32221 | Improper input validation in the Server: Packaging (cURL) component of MySQL Server 5.7.40 and earlier |
CVE-2023-21980 | Security vulnerability in the Client programs component of MySQL 5.7.41 and earlier and 8.0.32 and earlier |
CVE-2022-43551 | Security vulnerability in the Server: Packaging (cURL) component of MySQL 5.7.41 and earlier and 8.0.32 and earlier |
Appendix: [Differences between MySQL 5.7 and MySQL 8.0](https://www.cnblogs.com/harda/p/16497988.html), MySQL 8 manual, release notes, MySQL 5.7 manual
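II. Upgrade procedure
1) Choosing an upgrade method. MySQL has two upgrade methods:
1. In-place Upgrade
Shut down the old MySQL version, replace the old binaries or packages with the new ones, restart the database on the existing data directory, and run mysql_upgrade.
Characteristics: the data files are not changed and the upgrade is fast; however, it cannot cross operating systems and cannot cross major versions (5.5 -> 5.7).
2. Logical Upgrade
Use a backup or export utility (such as mysqldump or Xtrabackup) to export SQL from the old MySQL instance, install the new MySQL version, then apply the SQL to the new MySQL instance.
Characteristics: it can cross operating systems and major versions; however, the upgrade is slow and prone to compatibility problems such as garbled characters.
This case uses method 1, replacing the binaries in place. Further reading: MySQL 5.7 binary installation
2) Pre-upgrade preparation
Reference documents: MySQL 8 pre-upgrade preparation, MySQL 5.7 upgrade, installation media.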
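```shell
# RPM method: the official recommendation is to unpack the bundle and install with yum:
#   yum install mysql-community-{server,client,common,libs}-*
# Note: --no-check-certificate skips TLS certificate validation, so the checksum
# comparison below is the only integrity check on these downloads.
wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar

# Binary tarball method: used this time, because we replace the binaries of an
# installation that was compiled from the source package; the old version is also based on glibc 2.12
wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz

# Verify the downloads
md5sum mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar      # outputs ea9b44d306dcf6e74a4b4832a0a700e3
md5sum mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz    # outputs c00530249e4bf6899d1fbf6d3fed4897

# Backup
tar -czf mysql_all.20230621.tar.gz ./mysql
./mysql/bin/mysqldump -u root -p dbname > /opt/mysql_db_bak/mysql_`date +%Y%m%d`.sql
```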
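A fail-closed form of the checks in steps 1) and 2), as an added example that is not part of the original post: it refuses an in-place replacement across release series (a conservative reading of the rule stated above) and compares the tarball's MD5 with an expected value instead of relying on a visual comparison of the md5sum output. The function names are hypothetical, and the expected digest is assumed to come from the vendor's download page.

```shell
#!/bin/sh
# Added example: fail-closed pre-flight checks before replacing MySQL binaries.
# Function names are hypothetical; versions and digests are supplied by the operator.

# verify_md5 FILE EXPECTED: 0 on match, 1 on mismatch, 2 if FILE is missing.
verify_md5() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    _actual=$(md5sum "$1" | awk '{print tolower($1)}')
    _expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ "$_actual" = "$_expected" ] && return 0
    echo "MD5 mismatch for $1: got $_actual, expected $_expected" >&2
    return 1
}

# release_series VERSION: prints MAJOR.MINOR (5.7.28-log -> 5.7); non-zero if malformed.
release_series() {
    printf '%s\n' "$1" | awk -F. '
        NF >= 3 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { print $1 "." $2; ok = 1 }
        END { exit !ok }'
}

# inplace_allowed OLD NEW: 0 only when both versions are in the same release series,
# 1 when the series differ, 2 when either version string cannot be parsed.
inplace_allowed() {
    _old=$(release_series "$1") || return 2
    _new=$(release_series "$2") || return 2
    [ "$_old" = "$_new" ]
}

# preflight OLD NEW TARBALL MD5: every check must pass before the service is stopped.
preflight() {
    inplace_allowed "$1" "$2" || { echo "in-place upgrade $1 -> $2 refused" >&2; return 1; }
    verify_md5 "$3" "$4" || return 1
    echo "pre-flight OK: $1 -> $2 using $3"
}

# Versions from the environment described above, checked against a 5.7.42 target.
for v in 5.7.28 5.7.20 8.0.21; do
    if inplace_allowed "$v" 5.7.42; then
        echo "$v -> 5.7.42: in-place replacement possible"
    else
        echo "$v -> 5.7.42: different series, not an in-place candidate"
    fi
done
```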
3) Shut down MySQL and replace the binaries for the in-place upgrade (no major-version jump is involved)
```shell
systemctl status mysqld
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: active (running) since Wed 2023-04-19 23:25:30 CST; 2 months 2 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/mysqld.service
           ├─2764 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data --pid-file=/var/run/mysqld/mysqld.pid
           └─3108 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin ...
Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...
Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!
Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.

# If no service has been created, log in and configure MySQL for a slow shutdown
mysql -u root -p
mysql> select @@innodb_fast_shutdown;
mysql> SET GLOBAL innodb_fast_shutdown=0;

# Or do it directly. Purpose of the slow shutdown: InnoDB performs a full purge and
# change buffer merge before shutting down, so that the data files are fully prepared
# in case of file-format differences between versions.
mysql -u root -p --execute="SET GLOBAL innodb_fast_shutdown=0"
mysqladmin -u root -p shutdown

# Or create the service again
cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/
chmod +x /etc/init.d/mysql.server
chkconfig --add mysql.server
chkconfig --list

systemctl stop mysqld
systemctl status mysqld   # verify
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: inactive (dead) since Thu 2023-06-22 12:06:28 CST; 1min 17s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)
  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)
Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...
Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!
Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.
Jun 22 12:06:16 zq-mysql-master systemd[1]: Stopping LSB: start and stop MySQL...
Jun 22 12:06:28 zq-mysql-master mysqld[23685]: Shutting down MySQL............ SUCCESS!
Jun 22 12:06:28 zq-mysql-master systemd[1]: Stopped LSB: start and stop MySQL.
ps aux|grep mysql

# Unpack the binary tarball to replace the old MySQL
tar -xzf mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz
mv mysql-5.7.42-linux-glibc2.12-x86_64 mysql-5.7.42
cd mysql-5.7.42
ls   # bin docs include lib LICENSE man README share support-files

# Move MySQL 5.7.42 into the original MySQL install directory; compare permissions
[root@zq-mysql-master local]# ll ./mysql_old/
total 56
drwxr-x--- 2 mysql mysql 4096 Sep 18 2019 bin
-rw-r--r-- 1 mysql mysql 17987 Sep 13 2017 COPYING
drwxr-x--- 10 mysql mysql 4096 Jun 22 12:06 data
drwxr-x--- 2 mysql mysql 4096 Sep 18 2019 docs
drwxr-x--- 3 mysql mysql 4096 Sep 18 2019 include
drwxr-x--- 5 mysql mysql 4096 Sep 18 2019 lib
drwxr-x--- 4 mysql mysql 4096 Sep 18 2019 man
-rw-r--r-- 1 mysql mysql 2478 Sep 13 2017 README
drwxr-x--- 28 mysql mysql 4096 Sep 18 2019 share
drwxr-x--- 2 mysql mysql 4096 Sep 18 2019 support-files
[root@zq-mysql-master local]# ll ./mysql-5.7.42/
total 284
drwxr-xr-x 2 root root 4096 Jun 22 12:10 bin
drwxr-xr-x 2 root root 4096 Jun 22 12:10 docs
drwxr-xr-x 3 root root 4096 Jun 22 12:10 include
drwxr-xr-x 5 root root 4096 Jun 22 12:10 lib
-rw-r--r-- 1 7161 31415 255738 Mar 16 23:25 LICENSE
drwxr-xr-x 4 root root 4096 Jun 22 12:10 man
-rw-r--r-- 1 7161 31415 566 Mar 16 23:25 README
drwxr-xr-x 28 root root 4096 Jun 22 12:10 share
drwxr-xr-x 2 root root 4096 Jun 22 12:10 support-files

# Fix ownership, then copy data over into the new directory
chown mysql:mysql -R ./mysql-5.7.42/
cp -pr ./mysql_old/data ./mysql-5.7.42/
ll ./mysql-5.7.42/
total 288
drwxr-xr-x 2 mysql mysql 4096 Jun 22 12:10 bin
drwxr-x--- 10 mysql mysql 4096 Jun 22 12:06 data
drwxr-xr-x 2 mysql mysql 4096 Jun 22 12:10 docs
drwxr-xr-x 3 mysql mysql 4096 Jun 22 12:10 include
drwxr-xr-x 5 mysql mysql 4096 Jun 22 12:10 lib
-rw-r--r-- 1 mysql mysql 255738 Mar 16 23:25 LICENSE
drwxr-xr-x 4 mysql mysql 4096 Jun 22 12:10 man
-rw-r--r-- 1 mysql mysql 566 Mar 16 23:25 README
drwxr-xr-x 28 mysql mysql 4096 Jun 22 12:10 share
drwxr-xr-x 2 mysql mysql 4096 Jun 22 12:10 support-files

# Restart MySQL
systemctl start mysqld
systemctl status mysqld   # reports the following error
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: active (exited) since Thu 2023-06-22 12:20:11 CST; 31s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)
  Process: 24001 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)
Jun 22 12:20:11 zq-mysql-master systemd[1
```
Source: https://blog.csdn.net/ximenjianxue/article/details/131301015