Bug 40183 – mysql-5.5: Multiple issues (4.1)

Bug 40183 - mysql-5.5: Multiple issues (4.1)


Summary:	mysql-5.5: Multiple issues (4.1)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-0-errata
Assigned To:	Philipp Hahn
QA Contact:	Daniel Tröder

URL:	http://www.oracle.com/technetwork/top...
Keywords:

Depends on:
Blocks:	40184
	Show dependency tree / graph

Reported:	2015-12-07 13:38 CET by Arvid Requate
Modified:	2016-10-05 12:46 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-12-07 13:38:16 CET

New security vulnerabilities have been discovered in MySQL:

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL

The Debian upstream package version 5.5.46-0+deb7u1 fixes these:

CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913

Comment 1 Philipp Hahn

2015-12-14 16:30:30 CET

repo_admin.py --cherrypick -r 4.0 -s errata4.0-4 --releasedest 4.1 --dest errata4.1-0 -p mysql-5.5

Comment 2 Philipp Hahn

2015-12-15 08:31:53 CET

4.0-0: 5.5.40-0.11.201411010605
4.0-1: 5.5.40-0.14.201502051002
4.0-3: 5.5.44-0.15.201508042121
4.0-4: 5.5.46-0.16.201512141629
4.1-0: 5.5.46-0.17.201512141630

Package: mysql-5.5
Version: 5.5.46-0.17.201512141630
Branch: ucs_4.1-0-errata4.1-0
Scope: errata4.1-0

r66334 | Bug #40183: UCS-4.1-0 mysql-5.5.yaml
 mysql-5.5.yaml

Comment 3 Daniel Tröder

2016-01-12 10:50:55 CET

OK: DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server
OK: advisory
OK: manual test:
# CRED="--user=debian-sys-maint --password=$(grep password /etc/mysql/debian.cnf | cut -d " " -f 3 | head -1)"
# mysqladmin $CRED create mytest && echo OK
# (mysql $CRED mytest <<__EOF__
DROP TABLE IF EXISTS \`testtable\`;
CREATE TABLE \`testtable\` (\`test\` char(60) COLLATE utf8_bin NOT NULL DEFAULT '');
INSERT INTO \`testtable\` VALUES ('foo'),('bar');
__EOF__
) && echo OK
# mysqldump --host=localhost $CRED --compact mytest | grep -q foo && echo OK
# mysqladmin $CRED -f drop mytest && echo OK

Comment 4 Janek Walkenhorst

2016-01-13 14:01:45 CET

<http://errata.software-univention.de/ucs/4.1/54.html>