Bug 40531

Summary: mysql-5.5: Multiple issues (4.0)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Security maintainers <security-maintainers>
Status: CLOSED WONTFIX
Severity: normal
Priority: P5
CC: gohmann, requate
Version: UCS 4.0
Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-x-errata
Hardware: Other
OS: Linux
URL: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
Bug group (optional): Security
Bug Depends on: 40530    

Description Arvid Requate univentionstaff 2016-01-28 14:44:55 CET
+++ This bug was initially created as a clone of Bug #40530 +++

New security vulnerabilities have been discovered in MySQL:

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL

The current version in UCS 4.0-4 is affected by these:

CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616
Comment 1 Arvid Requate univentionstaff 2016-02-01 11:12:46 CET
Fixed in upstream Debian package version 5.5.47-0+deb7u1.
Comment 2 Arvid Requate univentionstaff 2016-05-03 15:51:28 CEST
Fixed in 5.5.49-0+deb7u1:

CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643
CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648
CVE-2016-0649 CVE-2016-0650 CVE-2016-0666 CVE-2016-2047

For details see:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
 http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
Comment 3 Arvid Requate univentionstaff 2016-06-01 19:11:49 CEST
UCS 4.0 is out of maintenance. See Depends field for the UCS 4.1 specific bug.