Bug 40184

Summary: mysql-5.5: Multiple issues (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Philipp Hahn <hahn>
Status: CLOSED FIXED QA Contact: Daniel Tröder <troeder>
Severity: normal    
Priority: P5 CC: gohmann, requate, walkenhorst
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-4-errata   
Hardware: Other   
OS: Linux   
URL: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on: 40183    
Bug Blocks:    

Description Arvid Requate univentionstaff 2015-12-07 13:38:47 CET 
+++ This bug was initially created as a clone of Bug #40183 +++

New security vulnerabilities have been discovered in MySQL:

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL

The Debian upstream package version 5.5.46-0+deb7u1 fixes these:

CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
Comment 1 Philipp Hahn univentionstaff 2015-12-14 16:30:32 CET 
repo_admin.py -U -p mysql-5.5 -d wheezy -r 4.0-0-0 -s errata4.0-4
b40-scope errata4.0-4 mysql-5.5
Comment 2 Philipp Hahn univentionstaff 2015-12-15 08:32:09 CET 
4.0-0: 5.5.40-0.11.201411010605
4.0-1: 5.5.40-0.14.201502051002
4.0-3: 5.5.44-0.15.201508042121
4.0-4: 5.5.46-0.16.201512141629
4.1-0: 5.5.46-0.17.201512141630

Package: mysql-5.5
Version: 5.5.46-0.16.201512141629
Branch: ucs_4.0-0-errata4.0-4
Scope: errata4.0-4

r66333 | Bug #40184: UCS-4.0-4 mysql-5.5.yaml
 mysql-5.5.yaml
Comment 3 Daniel Tröder univentionstaff 2016-01-12 10:50:45 CET 
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server
OK: pristine installation and upgrade
OK: advisory
OK: manual test:
# CRED="--user=debian-sys-maint --password=$(grep password /etc/mysql/debian.cnf | cut -d " " -f 3 | head -1)"
# mysqladmin $CRED create mytest && echo OK
# (mysql $CRED mytest <<__EOF__
DROP TABLE IF EXISTS \`testtable\`;
CREATE TABLE \`testtable\` (\`test\` char(60) COLLATE utf8_bin NOT NULL DEFAULT '');
INSERT INTO \`testtable\` VALUES ('foo'),('bar');
__EOF__
) && echo OK
# mysqldump --host=localhost $CRED --compact mytest | grep -q foo && echo OK
# mysqladmin $CRED -f drop mytest && echo OK
Comment 4 Janek Walkenhorst univentionstaff 2016-01-13 16:04:29 CET 
<http://errata.software-univention.de/ucs/4.0/384.html>