Bug 48130 - mysql-5.5: Multiple issues (4.2)
mysql-5.5: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-5-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-11-12 08:17 CET by Quality Assurance
Modified: 2018-11-14 14:58 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2018-11-12 08:17:40 CET
New Debian mysql-5.5 5.5.62-0+deb8u1A~4.2.5.201811120817 fixes:
This update addresses the following issues:
* use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)  (CVE-2018-2767)
* MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
* Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)  (CVE-2018-3063)
* Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)
* Client mysqldump unspecified vulnerability (CPU Jul 2018) (CVE-2018-3070)
* Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)
* Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133)
* Client programs unspecified vulnerability (CPU Oct 2018) (CVE-2018-3174)
* Server: Storage Engines unspecified vulnerability (CPU Oct 2018)  (CVE-2018-3282)
Comment 1 Quality Assurance univentionstaff 2018-11-12 11:00:17 CET
--- mirror/ftp/4.2/unmaintained/4.2-4/source/mysql-5.5_5.5.60-0+deb8u1A~4.2.3.201804221415.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/mysql-5.5_5.5.62-0+deb8u1A~4.2.5.201811120817.dsc
@@ -1,4 +1,4 @@
-5.5.60-0+deb8u1A~4.2.3.201804221415 [Sun, 22 Apr 2018 14:15:22 +0200] Univention builddaemon <buildd@univention.de>:
+5.5.62-0+deb8u1A~4.2.5.201811120817 [Mon, 12 Nov 2018 08:17:47 +0100] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     00_remove_debian_news
@@ -6,6 +6,17 @@
     11_fix_parallel_ftbfs
     30_root_password
     50_ucr_autostart
+
+5.5.62-0+deb8u1 [Thu, 01 Nov 2018 00:13:20 -0400] Roberto C. Sanchez <roberto@debian.org>:
+
+  * Non-maintainer upload by the LTS Team.
+  * Imported Upstream version 5.5.61 to fix security issues:
+    - https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+    - CVE-2018-2767 CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 CVE-2018-3070
+    - CVE-2018-3081
+  * Imported Upstream version 5.5.62 to fix security issues:
+    - https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
+    - CVE-2018-3133 CVE-2018-3174 CVE-2018-3282
 
 5.5.60-0+deb8u1 [Wed, 18 Apr 2018 22:28:36 +0200] Salvatore Bonaccorso <carnil@debian.org>:
 

<http://10.200.17.11/4.2-5/#1269226354761355653>
Comment 2 Philipp Hahn univentionstaff 2018-11-12 12:17:14 CET
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 3b6d45f994 Bug #48130: mysql-5.5 5.5.62-0+deb8u1A~4.2.5.201811120817
 doc/errata/staging/mysql-5.5.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-11-14 14:58:59 CET
<http://errata.software-univention.de/ucs/4.2/546.html>