cf-mysql/29
You can find the source of this version on GitHub at cloudfoundry/cf-mysql-release. It was created based on the commit c69bdeac.
Release Notes
Security Update
While performing an upgrade, the team discovered a security issue, CVE-2016-6653. This affects cf-mysql releases v27 and v28.
In the case where either has been deployed, and the following three conditions are true:
- Configured to send logs to a syslog service
- Syslog transport is not encrypted
- Audit logging is enabled

… then, cf-mysql will mistakenly send those audit logs to the syslog service without encryption.
Especially in the case where the query directive has been specified in the cf_mysql.mysql.server_audit_events property, this can transmit all application data in a way that is not protected from network observers.
Furthermore, in this configuration, BOSH will not be able to upgrade automatically; see below.
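To check whether a deployment manifest meets the conditions above, the following Ruby script is an added example, not part of the cf-mysql release or its documentation. The transport key under syslog_aggregator, the set of transports treated as encrypted, and the sample manifest are assumptions made for illustration.

```ruby
require 'yaml'

AFFECTED_VERSIONS = %w[27 28].freeze      # releases named in the advisory
ENCRYPTED_TRANSPORTS = %w[tls].freeze     # assumption: adjust to your syslog setup

# Collect every properties hash: global plus per-job / per-instance-group.
def property_sets(manifest)
  groups = Array(manifest['jobs']) + Array(manifest['instance_groups'])
  ([manifest['properties']] + groups.map { |g| g['properties'] }).compact
end

# Evaluate the advisory's preconditions against a manifest (YAML text).
def cve_2016_6653_check(manifest_yaml)
  manifest = YAML.safe_load(manifest_yaml, aliases: true) || {}
  release = Array(manifest['releases']).find { |r| r['name'] == 'cf-mysql' }
  sets = property_sets(manifest)
  # Assumption: syslog_aggregator is a hash with a `transport` key.
  syslog = sets.map { |p| p['syslog_aggregator'] }.grep(Hash)
  audit = sets.map { |p| Array(p.dig('cf_mysql', 'mysql', 'server_audit_events')).join(',') }
              .reject { |v| v.strip.empty? }
  result = {
    affected_release: AFFECTED_VERSIONS.include?(release && release['version'].to_s),
    syslog_configured: !syslog.empty?,
    plaintext_transport: syslog.any? { |s| !ENCRYPTED_TRANSPORTS.include?(s['transport'].to_s.downcase) },
    audit_enabled: !audit.empty?,
    audits_queries: audit.any? { |v| v.downcase.split(',').map(&:strip).include?('query') }
  }
  result.merge(exposed: result.values_at(:affected_release, :syslog_configured,
                                         :plaintext_transport, :audit_enabled).all?)
end

# Constructed sample manifest fragment (not from the release page).
SAMPLE = <<~YAML
  releases:
  - name: cf-mysql
    version: 28
  jobs:
  - name: mysql_z1
    properties:
      cf_mysql:
        mysql:
          server_audit_events: connect,query
      syslog_aggregator:
        address: 10.0.0.5
        port: 514
        transport: tcp
YAML

puts cve_2016_6653_check(SAMPLE) if $PROGRAM_NAME == __FILE__
```

A result with exposed set to true also marks the deployments that can hit the persistent-disk detach failure described in the upgrade section.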
Bug Fixes
- Do not send the mysql audit logs to syslog [#131120795]
- Detaching the persistent disk failed when both syslog and audit logs were enabled [#131023259]
Upgrading from cf-mysql v27 or v28
- If upgrading from v27 or v28, and both the cf_mysql.mysql.server_audit_events property and syslog_aggregator had been configured, you may encounter problems when bosh tries to detach the persistent disk from the MySQL VMs. This will look like the following:

```
Started updating job mysql_z1 > mysql_z1/0 (55170f29-1796-48ef-ac48-abb325eec1a8) (canary). Failed: Action Failed get_task: Task 462ff34b-78ed-4d16-5ce9-fd707a45e9f1 result: Migrating persistent disk: Remounting persistent disk as readonly: Unmounting /var/vcap/store: Running command: 'umount /var/vcap/store', stdout: '', stderr: 'umount: /var/vcap/store: device is busy.
(In some cases useful info about processes that use the device is found by lsof(8) or fuser(1))
```

The problem can be resolved by:
1. SSH onto the MySQL VMs, using your preferred method
2. Comment out lines 44-48 of /etc/rsyslog.d/00-syslog_forwarder.conf
3. kill the rsyslogd process
4. Run bosh deploy again; it should succeed this time
Features
In typical agile fashion, we had completed a few feature stories, so they’re included as well.
- galera_healthcheck should log when it encounters a bad state or error discovering state [#128880727]
  - The galera_healthcheck job now logs more verbosely when it encounters problems.
- switchboard proxy should provide an HTTP healthcheck [#130696613]
  - This allows the cluster to work with Load Balancers that use only HTTP health checks.
  - The health check port should continue to work with load balancers that use TCP health checks.
Usage
You can reference this release in your deployment manifest from the releases section:

```yaml
- name: "cf-mysql"
  version: "29"
  url: "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=29"
  sha1: "c335d01d83b83a17dfd8713f1b1e83e28d4bd02a"
```

Or upload it to your director with the upload-release command:

```
bosh upload-release --sha1 c335d01d83b83a17dfd8713f1b1e83e28d4bd02a \
  "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=29"
```
Jobs
- arbitrator
- bootstrap
- broker-deregistrar
- broker-registrar
- cf-mysql-broker
- mysql
- proxy
- rejoin-unsafe
- smoke-tests
- verify-cluster-schemas
Packages
- acceptance-tests
- boost
- bootstrap
- cf-mysql-broker
- cf-mysql-cluster-health-logger
- cf-mysql-common
- cf-mysql-route-registrar
- check
- cli
- cluster-schema-verifier
- galera
- galera-healthcheck
- golang
- gra-log-purger
- mariadb
- mariadb_ctrl
- mysqlclient
- python
- quota-enforcer
- ruby
- scons
- switchboard
- syslog_aggregator
- xtrabackup