Bug 46865 – mysql-5.5: Multiple issues (4.2)

Bug 46865 - mysql-5.5: Multiple issues (4.2)


Summary:	mysql-5.5: Multiple issues (4.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-3-errata
Assigned To:	Philipp Hahn
QA Contact:	Arvid Requate

URL:	https://dev.mysql.com/doc/relnotes/my...
Keywords:

Depends on:	45633
Blocks:
	Show dependency tree / graph

Reported:	2018-04-23 09:53 CEST by Philipp Hahn
Modified:	2018-05-08 14:57 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:	7.7 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2018-04-23 09:53:30 CEST

* CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2773 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2818 mysql: Server : Security : Privileges unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

Comment 1 Philipp Hahn

2018-04-23 09:55:07 CEST

[4.2-3] f97072fc3f Bug #46865: mysql-5.5 5.5.60-0+deb8u1A~4.2.3.201804221415

Comment 2 Quality Assurance

2018-05-04 16:58:20 CEST

--- mirror/ftp/4.2/unmaintained/component/4.2-3-errata/source/mysql-5.5_5.5.59-0+deb8u1A~4.2.3.201801251404.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/mysql-5.5_5.5.60-0+deb8u1A~4.2.3.201804221415.dsc
@@ -1,4 +1,4 @@
-5.5.59-0+deb8u1A~4.2.3.201801251404 [Thu, 25 Jan 2018 14:19:54 +0100] Univention builddaemon <buildd@univention.de>:
+5.5.60-0+deb8u1A~4.2.3.201804221415 [Sun, 22 Apr 2018 14:15:22 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     00_remove_debian_news
@@ -7,6 +7,17 @@
     30_root_password
     50_ucr_autostart
 
+5.5.60-0+deb8u1 [Wed, 18 Apr 2018 22:28:36 +0200] Salvatore Bonaccorso <carnil@debian.org>:
+
+  * Non-maintainer upload by the Security Team.
+  * Imported Upstream version 5.5.60 to fix security issues:
+    - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
+    - CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781
+      CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819
+  * Don't install obsolete manpages.
+    Do not try to install anymore obsolete manpages for mysql_client_test,
+    mysql_client_test_embedded and mysqltest_embedded.
+
 5.5.59-0+deb8u1 [Wed, 17 Jan 2018 13:36:35 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.

Comment 3 Arvid Requate

2018-05-07 20:01:55 CEST

* All UCS specific patches applied during rebuild.
* Comparison to previously shipped versions ok
* Binary package update Ok
* Advisory Ok

Comment 4 Arvid Requate

2018-05-08 14:57:11 CEST

<http://errata.software-univention.de/ucs/4.2/382.html>