Bug 40530

Summary: mysql-5.5: Multiple issues (4.1)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Felix Botner <botner>
Severity: normal
Priority: P5
CC: gohmann, requate, walkenhorst
Version: UCS 4.1
Flags: requate: Patch_Available+
Target Milestone: UCS 4.1-3-errata
Hardware: Other
OS: Linux
URL: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
What kind of report is it?: Security Issue
Bug group (optional): Security
Bug Blocks: 40531, 41851, 43441

Description Arvid Requate univentionstaff 2016-01-28 14:44:27 CET
New security vulnerabilities have been discovered in MySQL:

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL

The current version in UCS 4.0-4 is affected by these:

CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616
Comment 1 Arvid Requate univentionstaff 2016-02-01 11:12:37 CET
Fixed in upstream Debian package version 5.5.47-0+deb7u1.
Comment 2 Arvid Requate univentionstaff 2016-05-03 15:51:33 CEST
Fixed in 5.5.49-0+deb7u1:

CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643
CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648
CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047

For details see:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
 http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
Comment 3 Arvid Requate univentionstaff 2016-07-25 20:56:02 CEST
Fixed in upstream Debian (Jessie) package version 5.5.50-0+deb8u1:

CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440

For details see:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Comment 4 Janek Walkenhorst univentionstaff 2016-09-15 18:46:10 CEST
Fixed in upstream Debian (Jessie) package version 5.5.52-0+deb8u1:

CVE-2016-6662
privilege escalation through ld_preload hijacking and my.cnf rewrite

Also: 
  The upcoming advisory CVE-2016-6663 will also make the exploitation trivial
  for certain low-privileged attackers that do not have FILE privilege. 
<http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html>
Comment 5 Philipp Hahn univentionstaff 2016-09-28 14:40:06 CEST
repo_admin.py -U -r 4.1 -s errata4.1-3 -d wheezy -p mysql-5.5

Package: mysql-5.5
Version: 5.5.52-0.25.201609281418
Branch: ucs_4.1-0
Scope: errata4.1-3

r72876 | Bug #40530: mysql-5.5 UCS-4.1-3
 mysql-5.5.yaml

errata-announce -V --only mysql-5.5.yaml --ignore-validate cve
Comment 6 Felix Botner univentionstaff 2016-10-11 10:56:58 CEST
OK - amd64/i386
OK - install/update
OK - build with patches
OK - CVEs
OK - short test (mysql cmdline, owncloud installation)
OK - version in 4.1 higher than in 3.3

OK - yaml
Comment 7 Janek Walkenhorst univentionstaff 2016-10-12 13:06:43 CEST
<http://errata.software-univention.de/ucs/4.1/284.html>