Bug #73683 Advisor for critical patch update
Submitted: 22 Aug 2014 9:42 Modified: 15 Oct 2014 6:40
Reporter: Daniël van Eeden (OCA)
Status: Verified
Category: MySQL Enterprise Monitor: Advisors/Rules Severity: S4 (Feature request)
Version: 3.0 OS: Any
Assigned to: Mark Leith CPU Architecture: Any
Tags: cpu, patch, Security

[22 Aug 2014 9:42] Daniël van Eeden
Description:
The Oracle Critical Patch Update (CPU) Alerts give indications about which versions are vulnerable.

An advisor should be made to check if there are vulnerable versions in use.

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

How to repeat:
Check advisors

Suggested fix:
Check for July 2014 CPU:

(( %mysqlversion% > 50500) && (%mysqlversion% < 50537)) || (( %mysqlversion% > 50600) && (%mysqlversion% < 50617))

This is for MySQL 5.5 and MySQL 5.6

Check for January 2014 CPU:

( %mysqlversion% > 50100) && (%mysqlversion% < 50172)

This is only for MySQL 5.1 (not mentioned in July 2014 CPU)

Variables:

%mysqlversion% = mysql:Server:server.version_numeric
[22 Aug 2014 11:36] Daniël van Eeden
rule for July 2014 CPU

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: Security_patches_for_Oracle_CPU_July_2014_missing.xml (text/xml), 1.80 KiB.

[22 Aug 2014 11:37] Daniël van Eeden
rule for January 2014 CPU

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: Security_patches_for_Oracle_CPU_January_2014_missing.xml (text/xml), 1.85 KiB.

[27 Aug 2014 10:47] Mark Leith
Verifying the feature request, and thanks for the contribution, however this may have to be done in a different way (using an API, rather than relying on hard coded rules).
[15 Oct 2014 6:40] Daniël van Eeden
The rule for Oracle CPU October 2014:
(( %mysqlversion% > 50500) && (%mysqlversion% < 50540)) || (( %mysqlversion% > 50600) && (%mysqlversion% < 50620))
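
The three rule expressions in this thread, evaluated from a table of ranges over a constructed inventory. This is an added example, not part of the original report or of MySQL Enterprise Monitor; `CPU_RULES`, `INVENTORY`, `missing_cpus` and `fleet_report` are hypothetical names, and the conversion from a version string to the numeric form is an assumption inferred from the thresholds above.

```python
import re

# Ranges copied from the rule expressions in this thread. Both bounds are
# exclusive, matching the strict > and < in those expressions.
CPU_RULES = {
    "January 2014": [(50100, 50172)],
    "July 2014": [(50500, 50537), (50600, 50617)],
    "October 2014": [(50500, 50540), (50600, 50620)],
}

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "db-a": "5.5.36-log",
    "db-b": "5.5.37",
    "db-c": "5.6.20-enterprise-commercial-advanced",
    "db-d": "5.1.71",
    "db-e": "5.5.0",  # equals the lower bound, so the strict > does not match it
}


def version_numeric(version):
    """Convert '5.5.36-log' to 50536.

    Assumption: major*10000 + minor*100 + patch, the encoding implied by the
    thread's thresholds (50537 for 5.5.37).
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if minor > 99 or patch > 99:
        raise ValueError(f"component too large to encode: {version!r}")
    return major * 10000 + minor * 100 + patch


def missing_cpus(version):
    """Return the CPUs whose rule matches this server version."""
    n = version_numeric(version)
    return [cpu for cpu, ranges in CPU_RULES.items()
            if any(low < n < high for low, high in ranges)]


def fleet_report(inventory):
    """Map each host with at least one matching rule to the CPUs it is missing."""
    report = {host: missing_cpus(v) for host, v in inventory.items()}
    return {host: cpus for host, cpus in report.items() if cpus}


if __name__ == "__main__":
    for host, cpus in fleet_report(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} matches {', '.join(cpus)}")
```

Adding a later CPU means adding one entry to `CPU_RULES`; the evaluation code does not change.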