Univention Bugzilla – Full Text Bug Listing |
Summary: | mysql-5.5: Multiple issues (3.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, requate, walkenhorst |
Version: | UCS 3.3 | ||
Target Milestone: | UCS 3.3-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | 42875, 43380, 44516, 45094 | ||
Bug Blocks: |
Description
Arvid Requate
2016-11-08 12:29:06 CET
Fixed in upstream Debian package version 5.5.53-0+deb7u1. New security vulnerabilities have been discovered in MySQL: * https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html * http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL The current version in UCS 4.1-4 may be affected by these: CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 Fixed upstream in 5.5.54-0+deb7u1. Imported and built. Advisory: mysql-5.5.yaml Upstream Debian package version 5.5.55-0+deb7u1 fixes these issues: CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600 Package imported and built. Advisory updated. mysql-server-5.5 hängt ab von initscripts (>= 2.88dsf-13.3) [NICHT VERFÜGBAR] Additionally, could you move the advisory into the "staging" subdirectory? (In reply to Janek Walkenhorst from comment #6) > Additionally, could you move the advisory into the "staging" subdirectory? That has already happenend. Ok, two svn/patches had been dropped in errata3.3-0, I've rebuilt the package with them. Advisory: OK Tests: OK |