2015/01/29 5:10 PM PST - Update

 

Amazon Relational Database Service (RDS)

MySQL 5.5 and 5.6: Amazon RDS has made new minor versions MySQL 5.5.40b, 5.6.19b, and 5.6.21b available. These versions include fixes for critical security issues identified in Oracle Critical Patch Advisory (http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html) and we recommend customers upgrade their instances to the updated versions.

MySQL 5.1: As described earlier, Oracle no longer provides patches for MySQL 5.1. We recommend that our customers running MySQL 5.1 perform a major version upgrade to the latest versions of MySQL 5.5 or 5.6 after testing for application compatibility. In order to give customers more time to test compatibility and perform a major version upgrade, we have also released a new minor version, 5.1.73b, which includes fixes for critical security issues. We recommend to our customers who need more time for a major version upgrade to upgrade their instances to version 5.1.73b.

NOTE: At the time of the version upgrade, your database instances (either Single-AZ or Multi-AZ) will undergo a reboot and will be unavailable for a few minutes. For more information about upgrading your database instance, please visit: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeInstance.html.

 

---------------------------------------------------------------------------

2015/01/21 1:30 PM PST - Update

We have reviewed the Oracle Critical Patch Update. Our services are not affected, except as noted below:

Amazon Relational Database Service (RDS)

MySQL 5.5 and 5.6: All Amazon RDS for MySQL database instances must be upgraded to address the security issues in this update. Amazon RDS will make new versions available shortly.

MySQL 5.1: As described in https://www.mysql.com/support/eol-notice.html, Oracle moved MySQL 5.1 to Sustaining Support in December 2013 and is no longer providing patches for it. To continue receiving MySQL security and reliability patches, we recommend that customers running MySQL 5.1 perform a major version upgrade to the latest versions of MySQL 5.5 or 5.6, once available, after testing for application compatibility. More details about performing this upgrade are available here:

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeInstance.html

Oracle: Amazon RDS will make new Oracle versions available that address the issues in this update in February 2015.

NOTE: As an important security best practice, we recommend that you configure your security groups to restrict inbound access on database ports to only those source IP addresses from which legitimate connections to the database should originate. For information on reconfiguring the access to your database, please refer to http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

 

---------------------------------------------------------------------------

2015/01/20 1:30 PM PST

 

We are aware of the Oracle Critical Patch advisory posted at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html.

We are currently reviewing AWS Services and will update this bulletin within 24 hours.