MySQL5.7.30升级修复CVE-2020-14576漏洞

升级社区版MySQL5.7.30 版本到MySQL5.7.38修复CVE-2020-14576漏洞
仅购买了Mysql企业版本的用户才可以Support平台下载升级补丁包，
因此，社区版本直接考虑升级版本到目前最新稳定版本包来进行修复。

一、下载

提前下载好安装包：mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar 并校验好MD5值，确保包一致。

# 下载
wget https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar

# 校验MD5值
# md5sum mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar
826ce05d0379574a03935b62ae02db88  mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar

二、备份

1、数据文件备份（注意权限和自己的安装路径）

# tree -L 2
.
├── dbs
│   ├── logs
│   └── mysql
├── dbs.bark
│   ├── logs
│   └── mysql
└── redis
    └── db

cd /data && cp -ra dbs/ dbs.bark

2、全库数据备份

mkdir -p /root/bark/
mysqldump -uroot -p --all-databases > /root/bark/mysqlbak.sql

3、备份配置文件

cp -a /etc/my.cnf /root/bark/

三 、升级

1、查看当前版本

# rpm -qa|grep mysql
mysql-community-server-5.7.30-1.el7.x86_64
mysql-community-common-5.7.30-1.el7.x86_64
mysql-community-client-5.7.30-1.el7.x86_64
mysql-community-libs-5.7.30-1.el7.x86_64

2、关闭数据库

# 使数据库关闭时会清空缓存，避免版本间缓存格式差异
mysql -u root -p --execute="SET GLOBAL innodb_fast_shutdown=0"

# 关闭数据库 
systemctl stop mysqld

3、上传安装包

# 上传完安装包校验MD5值
# md5sum mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar 
826ce05d0379574a03935b62ae02db88  mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar

# 解压删除只保留以下4个包
tar xvf mysql-5.7.38-1.el7.x86_64.rpm-bundle.tar 
# ll
-rw-r--r-- 1 7155 31415  28991900 Mar 23 01:26 mysql-community-client-5.7.38-1.el7.x86_64.rpm
-rw-r--r-- 1 7155 31415    318868 Mar 23 01:26 mysql-community-common-5.7.38-1.el7.x86_64.rpm
-rw-r--r-- 1 7155 31415   2704332 Mar 23 01:26 mysql-community-libs-5.7.38-1.el7.x86_64.rpm
-rw-r--r-- 1 7155 31415 186231736 Mar 23 01:27 mysql-community-server-5.7.38-1.el7.x86_64.rpm
# rpm -qa|grep mysql
mysql-community-server-5.7.30-1.el7.x86_64
mysql-community-common-5.7.30-1.el7.x86_64
mysql-community-client-5.7.30-1.el7.x86_64
mysql-community-libs-5.7.30-1.el7.x86_64

4、执行升级

# 进入上步解压目录rpm -Uvh  *.rpm
# rpm -Uvh  *.rpm
warning: mysql-community-client-5.7.38-1.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3a79bd29: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-common-5.7.38-1.e################################# [ 13%]
   2:mysql-community-libs-5.7.38-1.el7################################# [ 25%]
   3:mysql-community-client-5.7.38-1.e################################# [ 38%]
   4:mysql-community-server-5.7.38-1.e################################# [ 50%]
Cleaning up / removing...
   5:mysql-community-server-5.7.30-1.e################################# [ 63%]
   6:mysql-community-client-5.7.30-1.e################################# [ 75%]
   7:mysql-community-libs-5.7.30-1.el7################################# [ 88%]
   8:mysql-community-common-5.7.30-1.e################################# [100%]

# 安装完成再查看，已经更新过来
# rpm -qa|grep mysql
mysql-community-server-5.7.38-1.el7.x86_64
mysql-community-common-5.7.38-1.el7.x86_64
mysql-community-client-5.7.38-1.el7.x86_64
mysql-community-libs-5.7.38-1.el7.x86_64

5、启动

# 启动
systemctl start mysqld

# 自动检查，会提示successfully
mysql_upgrade -uroot -p
Upgrade process completed successfully.
Checking if update is needed.

# 查看版本
# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 46
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select version();
+------------+
| version()  |
+------------+
| 5.7.38-log |
+------------+
1 row in set (0.00 sec)

mysql> 

至此，升级成功！