MySQL vulnerabilities?

[Hersheydmd]

My anti-virus (Kaspersky) keeps reporting that MySQL 5.5 has vulnerabilities and advises upgrading to a newer version. Should we? Will O.D. work with the newest version of MySQL?

KLA10638
Multiple vulnerabilities in MySQL
Updated: 07/24/2015
CVSS 3.8
Detect date 07/17/2015
Severity Warning

Description
Unspecified vulnerabilities were found in MySQL Server. Malicious users can exploit these vulnerabilities to affect confidentiality,integrity and availability via unknown vectors related to Partition, DML, GIS and RBR.

Affected products
Oracle MySQL Server versions 5.5.43 and earlier
Oracle MySQL Server versions 5.6.24 and earlier

Solution
Update to latest version
Get MySQL http://www.mysql.com/downloads/

Original advisories Oracle Critical Patch Update Advisory http://www.oracle.com/technetwork/topic ... 67936.html

Impacts
OSI
DoS
LoI

[jsalmon]

Open Dental does work with MySQL 5.6 and we've been working on pushing everyone up to that version (or even to 5.7) but the only part right now that trips users up is when they don't upgrade their current 5.5 tables to new 5.6 formats. We had many reports of users getting errors when that didn't take place so we've been trying to figure out a mechanism for a smooth transition. To upgrade your tables manually you have to run the mysql_upgrade.exe found within the bin folder of the MySQL installation directory. This effects every database within your data directory, not just the Open Dental tables which is another complication to the upgrade as we're not the only company utilizing the MySQL directory in all offices. Talk about a pickle.

[Hersheydmd]

Thanks Jason. I will put this on my 'to do' list of things I have to take care of.

[jsalmon]

We have several users using 5.6 right now and we've had our sights set on that version so I'd recommend going to it first. I can't guarantee anything above 5.6 ATM.

[Justin Shafer]

Great post Hershey! There will always be exploits.. just gotta be aware of em... Try to stay ahead of the curve.

Paper is more secure... but... I don't see paper coming back.

https://www.exploit-db.com/search/?acti ... ch&q=mysql

I was once curious what other countries use for dental software.. I asked a friend in Mexico what his dentist uses... He showed me a paper chart.. in spanish.. with a rofl.

Nod. My buddy Darrell and I discuss De-Identification. (A book that keeps a record of Patient's SSN to a fake SSN).. and that would work if you started out that way.. until... you submitted claims? I know someone else that attempted to remove the SSN from their PMS.. They realized.. it is not that simple.