Bug 46865 - mysql-5.5: Multiple issues (4.2)
mysql-5.5: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-3-errata
Assigned To: Philipp Hahn
Arvid Requate
https://dev.mysql.com/doc/relnotes/my...
:
Depends on: 45633
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-23 09:53 CEST by Philipp Hahn
Modified: 2018-05-08 14:57 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 7.7 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-04-23 09:53:30 CEST
* CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2773 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2818 mysql: Server : Security : Privileges unspecified vulnerability (CPU Apr 2018)
* CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
Comment 1 Philipp Hahn univentionstaff 2018-04-23 09:55:07 CEST
[4.2-3] f97072fc3f Bug #46865: mysql-5.5 5.5.60-0+deb8u1A~4.2.3.201804221415
Comment 2 Quality Assurance univentionstaff 2018-05-04 16:58:20 CEST
--- mirror/ftp/4.2/unmaintained/component/4.2-3-errata/source/mysql-5.5_5.5.59-0+deb8u1A~4.2.3.201801251404.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/mysql-5.5_5.5.60-0+deb8u1A~4.2.3.201804221415.dsc
@@ -1,4 +1,4 @@
-5.5.59-0+deb8u1A~4.2.3.201801251404 [Thu, 25 Jan 2018 14:19:54 +0100] Univention builddaemon <buildd@univention.de>:
+5.5.60-0+deb8u1A~4.2.3.201804221415 [Sun, 22 Apr 2018 14:15:22 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     00_remove_debian_news
@@ -7,6 +7,17 @@
     30_root_password
     50_ucr_autostart
 
+5.5.60-0+deb8u1 [Wed, 18 Apr 2018 22:28:36 +0200] Salvatore Bonaccorso <carnil@debian.org>:
+
+  * Non-maintainer upload by the Security Team.
+  * Imported Upstream version 5.5.60 to fix security issues:
+    - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
+    - CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781
+      CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819
+  * Don't install obsolete manpages.
+    Do not try to install anymore obsolete manpages for mysql_client_test,
+    mysql_client_test_embedded and mysqltest_embedded.
+
 5.5.59-0+deb8u1 [Wed, 17 Jan 2018 13:36:35 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.
Comment 3 Arvid Requate univentionstaff 2018-05-07 20:01:55 CEST
* All UCS specific patches applied during rebuild.
* Comparison to previously shipped versions ok
* Binary package update Ok
* Advisory Ok
Comment 4 Arvid Requate univentionstaff 2018-05-08 14:57:11 CEST
<http://errata.software-univention.de/ucs/4.2/382.html>