MySQL vulnerability remediation: a step-by-step guide to upgrading to 5.7.42/5.7.43

I. Background

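A security scan found a large number of MySQL vulnerabilities. MySQL is used only on the internal network and the versions are indeed somewhat old, so we considered upgrading. Based on an analysis of the vulnerabilities, the only option is to upgrade to the latest releases, 5.7.42 and 8.0.33. On-site environment: MySQL 5.7.28, 5.7.20 and mysql:8.0.21.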

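| CVE ID | Description |
|---|---|
| CVE-2023-21912 | Security vulnerability in the Server: Security: Privileges component of MySQL 5.7.41 and earlier and 8.0.30 and earlier |
| CVE-2022-37434 | Security vulnerability in the Server: InnoDB (zlib) component of MySQL 5.7.41 and earlier and 8.0.31 and earlier |
| CVE-2022-32221 | Improper input validation in the Server: Packaging (cURL) component of MySQL Server 5.7.40 and earlier |
| CVE-2023-21980 | Security vulnerability in the Client programs component of MySQL 5.7.41 and earlier and 8.0.32 and earlier |
| CVE-2022-43551 | Security vulnerability in the Server: Packaging (cURL) component of MySQL 5.7.41 and earlier and 8.0.32 and earlier |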

Appendix: [Differences between MySQL 5.7 and MySQL 8.0](https://www.cnblogs.com/harda/p/16497988.html), MySQL 8 manual, release notes, MySQL 5.7 manual

II. Upgrade procedure

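1) Choosing an upgrade method. MySQL has two upgrade methods:

1. In-place Upgrade
Shut down the old MySQL version, replace the old binaries or packages with the new ones, restart the database on the existing data directory, and run mysql_upgrade.
Characteristics: the data files are not changed and the upgrade is fast; however, it cannot cross operating systems and cannot cross major versions (5.5 -> 5.7).

2. Logical Upgrade
Use a backup or export utility (such as mysqldump or Xtrabackup) to export SQL from the old MySQL instance, install the new MySQL version, then apply the SQL to the new MySQL instance.
Characteristics: it can cross operating systems and major versions; however, the upgrade is slow and compatibility problems such as garbled characters are likely.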

This case uses method 1, upgrade by replacement. For more, see: MySQL 5.7 binary installation

2) Pre-upgrade preparation
Reference documents: MySQL 8 pre-upgrade preparation, MySQL 5.7 upgrade, installation media.

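# RPM package method: the official recommendation is to unpack the bundle and install with yum: yum install mysql-community-{server,client,common,libs}-*
wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar
# Binary tarball method: chosen here because this upgrade replaces the binaries of an installation that was compiled from source; the old version is also based on glibc 2.12
wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz
# Verify the downloads. --no-check-certificate skips TLS verification, so compare each value with the MD5 published on the MySQL download page
md5sum mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar      # outputs ea9b44d306dcf6e74a4b4832a0a700e3
md5sum mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz    # outputs c00530249e4bf6899d1fbf6d3fed4897
# Backup
tar -czf mysql_all.20230621.tar.gz ./mysql
./mysql/bin/mysqldump -u root -p dbname > /opt/mysql_db_bak/mysql_$(date +%Y%m%d).sql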

3) Shut down MySQL and replace the binaries for an in-place upgrade (no major-version jump is involved)


systemctl status mysqld
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: active (running) since Wed 2023-04-19 23:25:30 CST; 2 months 2 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/mysqld.service
           ├─2764 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data --pid-file=/var/run/mysqld/mysqld.pid
           └─3108 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin ...

Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...
Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!
Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.
# If no service has been created, log in and configure MySQL for a slow shutdown
mysql -u root -p
mysql> select @@innodb_fast_shutdown;
mysql> SET GLOBAL innodb_fast_shutdown=0;
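# Or do it directly. Purpose of a slow shutdown: InnoDB performs a full purge and change buffer merge before stopping, so that the data files are fully prepared in case of file-format differences between versions.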
mysql -u root -p --execute="SET GLOBAL innodb_fast_shutdown=0"
mysqladmin -u root -p shutdown
# Or re-create the service
cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/
chmod +x /etc/init.d/mysql.server
chkconfig --add mysql.server
chkconfig --list
systemctl stop mysqld
systemctl status mysqld   # verify
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: inactive (dead) since Thu 2023-06-22 12:06:28 CST; 1min 17s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)
  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)

Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...
Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!
Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.
Jun 22 12:06:16 zq-mysql-master systemd[1]: Stopping LSB: start and stop MySQL...
Jun 22 12:06:28 zq-mysql-master mysqld[23685]: Shutting down MySQL............ SUCCESS!
Jun 22 12:06:28 zq-mysql-master systemd[1]: Stopped LSB: start and stop MySQL.
ps aux|grep mysql
# Unpack the binary tarball to replace the old MySQL
tar -xzf mysql-5.7.42-linux-glibc2.12-x86_64.tar.gz
mv mysql-5.7.42-linux-glibc2.12-x86_64 mysql-5.7.42
cd mysql-5.7.42
ls
bin  docs  include  lib  LICENSE  man  README  share  support-files
# Move MySQL 5.7.42 into the original MySQL installation directory and compare permissions
[root@zq-mysql-master local]# ll ./mysql_old/
total 56
drwxr-x---  2 mysql mysql  4096 Sep 18  2019 bin
-rw-r--r--  1 mysql mysql 17987 Sep 13  2017 COPYING
drwxr-x--- 10 mysql mysql  4096 Jun 22 12:06 data
drwxr-x---  2 mysql mysql  4096 Sep 18  2019 docs
drwxr-x---  3 mysql mysql  4096 Sep 18  2019 include
drwxr-x---  5 mysql mysql  4096 Sep 18  2019 lib
drwxr-x---  4 mysql mysql  4096 Sep 18  2019 man
-rw-r--r--  1 mysql mysql  2478 Sep 13  2017 README
drwxr-x--- 28 mysql mysql  4096 Sep 18  2019 share
drwxr-x---  2 mysql mysql  4096 Sep 18  2019 support-files
[root@zq-mysql-master local]# ll ./mysql-5.7.42/
total 284
drwxr-xr-x  2 root root    4096 Jun 22 12:10 bin
drwxr-xr-x  2 root root    4096 Jun 22 12:10 docs
drwxr-xr-x  3 root root    4096 Jun 22 12:10 include
drwxr-xr-x  5 root root    4096 Jun 22 12:10 lib
-rw-r--r--  1 7161 31415 255738 Mar 16 23:25 LICENSE
drwxr-xr-x  4 root root    4096 Jun 22 12:10 man
-rw-r--r--  1 7161 31415    566 Mar 16 23:25 README
drwxr-xr-x 28 root root    4096 Jun 22 12:10 share
drwxr-xr-x  2 root root    4096 Jun 22 12:10 support-files
# Set ownership, then copy the data directory into the new directory
chown -R mysql:mysql ./mysql-5.7.42/
cp -pr ./mysql_old/data ./mysql-5.7.42/
ll ./mysql-5.7.42/
total 288
drwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 bin
drwxr-x--- 10 mysql mysql   4096 Jun 22 12:06 data
drwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 docs
drwxr-xr-x  3 mysql mysql   4096 Jun 22 12:10 include
drwxr-xr-x  5 mysql mysql   4096 Jun 22 12:10 lib
-rw-r--r--  1 mysql mysql 255738 Mar 16 23:25 LICENSE
drwxr-xr-x  4 mysql mysql   4096 Jun 22 12:10 man
-rw-r--r--  1 mysql mysql    566 Mar 16 23:25 README
drwxr-xr-x 28 mysql mysql   4096 Jun 22 12:10 share
drwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 support-files
# Restart MySQL
systemctl start mysqld
systemctl status mysqld  # reports the following error
● mysqld.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
   Active: active (exited) since Thu 2023-06-22 12:20:11 CST; 31s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)
  Process: 24001 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)

Jun 22 12:20:11 zq-mysql-master systemd[1
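
A scripted form of the permission comparison done by eye in step 3, as an added example that is not part of the original article. compare_tree_perms reports top-level entries whose owner or mode differ between the old and new install trees, and world_accessible lists anything under the data directory that grants access to "other". The function names are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: function names are made up here; GNU stat (coreutils) assumed.
# Typical call from /usr/local, using the directories shown in the listings:
#   compare_tree_perms ./mysql_old ./mysql-5.7.42
#   world_accessible ./mysql-5.7.42/data

# perm_of PATH -> "owner:group mode", e.g. "mysql:mysql 750"
perm_of() {
    stat -c '%U:%G %a' "$1"
}

# Print one line per top-level entry of NEW whose owner or mode differs from
# the same-named entry in OLD ("absent" when OLD has no such entry).
# Returns 0 when nothing differs, 1 otherwise.
compare_tree_perms() {
    old=$1 new=$2 drift=0
    for path in "$new"/*; do
        [ -e "$path" ] || continue
        name=${path##*/}
        new_perm=$(perm_of "$path")
        if [ -e "$old/$name" ]; then
            old_perm=$(perm_of "$old/$name")
        else
            old_perm=absent
        fi
        if [ "$old_perm" != "$new_perm" ]; then
            printf '%s old=%s new=%s\n' "$name" "$old_perm" "$new_perm"
            drift=1
        fi
    done
    return "$drift"
}

# List everything under DATADIR that grants any permission bit to "other".
# Symlinks are skipped because their own mode is always 777.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}
```

With the listings above, the first function would still flag bin, docs, include, lib, man, share and support-files after the chown, because the new tree is mode 755 where the old one was 750.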

