{"id":13661,"date":"2016-09-20T15:01:58","date_gmt":"2016-09-20T15:01:58","guid":{"rendered":"https:\/\/www.heartinternet.uk\/blog\/?p=13661"},"modified":"2016-09-20T15:01:58","modified_gmt":"2016-09-20T15:01:58","slug":"mysql-security-hole-found-please-update-your-servers","status":"publish","type":"post","link":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/","title":{"rendered":"MySQL security hole found – please update your servers"},"content":{"rendered":"

The Register<\/a> has reported that a security hole has been found in MySQL that can be used to gain root access on servers.<\/p>\n

The flaws are present in all default installations of MySQL 5.5, 5.6, and 5.7.<\/p>\n

By tampering with one of MySQL\u2019s config files to point to a malicious library already on the server, you can set it up so that mysqld_safe<\/a>, the script file that launches MySQL, loads the library and injects code into the server that could get you remote code execution.<\/p>\n

mysqld_safe runs as root even if you have set up MySQL to run under a non-root user. If a web application\u2019s permissions are not locked down on your server, and the MySQL user can write or create new configuration files, one SQL injection vulnerability could turn into a remote root shell for hackers.<\/p>\n

You can read more about this security hole on David Golunski\u2019s proof of concept<\/a>.<\/p>\n

This security hole also affects MariaDB<\/a> and PerconaDB<\/a>, who have both issued fixes for this issue.<\/p>\n

Oracle has also updated MySQL to address this. Please update to 5.5.52<\/a>, 5.6.33<\/a>, and 5.7.15<\/a>.<\/p>\n

If you are on Heart Internet’s shared or Premium hosting platforms, we have already updated our servers and you are not at any risk.<\/p>\n

If you have a VPS or Dedicated Server, our Customer Services team is on hand to help you and will be able to implement these patches for a small fee. Please raise a ticket with Customer Services<\/a> for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"

A security hole has been found in MySQL that can be used to gain root access on servers. We have the details of the issue and how you can fix it on your VPS or dedicated server.<\/p>\n","protected":false},"author":2,"featured_media":13663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,14,23],"tags":[],"class_list":{"0":"post-13661","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-dedicated-servers","8":"category-hybrid-servers","9":"category-vps"},"yoast_head":"\nMySQL security hole found - please update your servers - Heart Internet<\/title>\n<meta name=\"description\" content=\"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MySQL security hole found - please update your servers - Heart Internet\" \/>\n<meta property=\"og:description\" content=\"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Heart Internet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/heartinternet\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-09-20T15:01:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1620\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Eliot Chambers-Ostler\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:site\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eliot Chambers-Ostler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\"},\"author\":{\"name\":\"Eliot Chambers-Ostler\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28\"},\"headline\":\"MySQL security hole found – please update your servers\",\"datePublished\":\"2016-09-20T15:01:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\"},\"wordCount\":255,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg\",\"articleSection\":[\"Dedicated Servers\",\"Hybrid Servers\",\"VPS\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\",\"name\":\"MySQL security hole found - please update your servers - Heart Internet\",\"isPartOf\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg\",\"datePublished\":\"2016-09-20T15:01:58+00:00\",\"description\":\"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg\",\"width\":1620,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.heartinternet.uk\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MySQL security hole found – please update your servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/heartblog.victory.digital\/#website\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"name\":\"Heart Internet\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/heartblog.victory.digital\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\",\"name\":\"Heart Internet\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"width\":992,\"height\":252,\"caption\":\"Heart Internet\"},\"image\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/heartinternet\/\",\"https:\/\/x.com\/heartinternet\",\"https:\/\/www.linkedin.com\/company\/heart-internet-ltd\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28\",\"name\":\"Eliot Chambers-Ostler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg\",\"caption\":\"Eliot Chambers-Ostler\"},\"url\":\"https:\/\/www.heartinternet.uk\/blog\/author\/eliot-chambers-ostler\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MySQL security hole found - please update your servers - Heart Internet","description":"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/","og_locale":"en_GB","og_type":"article","og_title":"MySQL security hole found - please update your servers - Heart Internet","og_description":"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.","og_url":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/","og_site_name":"Heart Internet","article_publisher":"https:\/\/www.facebook.com\/heartinternet\/","article_published_time":"2016-09-20T15:01:58+00:00","og_image":[{"width":1620,"height":720,"url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg","type":"image\/jpeg"}],"author":"Eliot Chambers-Ostler","twitter_card":"summary_large_image","twitter_creator":"@heartinternet","twitter_site":"@heartinternet","twitter_misc":{"Written by":"Eliot Chambers-Ostler","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#article","isPartOf":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/"},"author":{"name":"Eliot Chambers-Ostler","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28"},"headline":"MySQL security hole found – please update your servers","datePublished":"2016-09-20T15:01:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/"},"wordCount":255,"commentCount":0,"publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg","articleSection":["Dedicated Servers","Hybrid Servers","VPS"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/","url":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/","name":"MySQL security hole found - please update your servers - Heart Internet","isPartOf":{"@id":"https:\/\/heartblog.victory.digital\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg","datePublished":"2016-09-20T15:01:58+00:00","description":"A security issue has been found with MySQL. We detail the issue and tell you how to fix it on your VPS or dedicated server.","breadcrumb":{"@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#primaryimage","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2016\/09\/mysqlhole-background.jpg","width":1620,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/www.heartinternet.uk\/blog\/mysql-security-hole-found-please-update-your-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.heartinternet.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"MySQL security hole found – please update your servers"}]},{"@type":"WebSite","@id":"https:\/\/heartblog.victory.digital\/#website","url":"https:\/\/heartblog.victory.digital\/","name":"Heart Internet","description":"","publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heartblog.victory.digital\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/heartblog.victory.digital\/#organization","name":"Heart Internet","url":"https:\/\/heartblog.victory.digital\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","width":992,"height":252,"caption":"Heart Internet"},"image":{"@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/heartinternet\/","https:\/\/x.com\/heartinternet","https:\/\/www.linkedin.com\/company\/heart-internet-ltd"]},{"@type":"Person","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28","name":"Eliot Chambers-Ostler","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","caption":"Eliot Chambers-Ostler"},"url":"https:\/\/www.heartinternet.uk\/blog\/author\/eliot-chambers-ostler\/"}]}},"_links":{"self":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/13661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/comments?post=13661"}],"version-history":[{"count":0,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/13661\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media\/13663"}],"wp:attachment":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media?parent=13661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/categories?post=13661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/tags?post=13661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}