Univention Bugzilla – Full Text Bug Listing
Summary: | mysql-5.5: Multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, requate, walkenhorst |
Version: | UCS 4.1 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 40531, 41851, 43441 |
Description
Arvid Requate
2016-01-28 14:44:27 CET
Fixed in upstream Debian package version 5.5.47-0+deb7u1.

Fixed in 5.5.49-0+deb7u1:
CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047

For details see:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Fixed in upstream Debian (Jessie) package version 5.5.50-0+deb8u1:
CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440

For details see:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Fixed in upstream Debian (Jessie) package version 5.5.52-0+deb8u1:
CVE-2016-6662 privilege escalation through ld_preload hijacking and my.cnf rewrite

Also: The upcoming advisory CVE-2016-6663 will also make the exploitation trivial for certain low-privileged attackers that do not have FILE privilege.
<http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html>

repo_admin.py -U -r 4.1 -s errata4.1-3 -d wheezy -p mysql-5.5
Package: mysql-5.5
Version: 5.5.52-0.25.201609281418
Branch: ucs_4.1-0
Scope: errata4.1-3

r72876 | Bug #40530: mysql-5.5 UCS-4.1-3
mysql-5.5.yaml

errata-announce -V --only mysql-5.5.yaml --ignore-validate cve

OK - amd64/i386
OK - install/update
OK - build with patches
OK - CVEs
OK - short test (mysql cmdline, owncloud installation)
OK - version in 4.1 higher than in 3.3
OK - yaml