Univention Bugzilla – Bug 41851
mysql-5.5: Multiple issues (3.3)
Last modified: 2016-10-12 12:40:23 CEST
Upstream Debian package version 5.5.47-0+deb7u1 fixes these issues:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0505
CVE-2016-0546
CVE-2016-0596
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0616

Fixed in 5.5.49-0+deb7u1:
CVE-2016-0640
CVE-2016-0641
CVE-2016-0642
CVE-2016-0643
CVE-2016-0644
CVE-2016-0646
CVE-2016-0647
CVE-2016-0648
CVE-2016-0649
CVE-2016-0650
CVE-2016-0666
CVE-2016-2047

For details see:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

Fixed in upstream Debian (Jessie) package version 5.5.50-0+deb8u1:
CVE-2016-3477
CVE-2016-3521
CVE-2016-3615
CVE-2016-5440

For details see:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Fixed in upstream Debian (Jessie) package version 5.5.52-0+deb8u1:
CVE-2016-6662 privilege escalation through ld_preload hijacking and my.cnf rewrite

Also: The upcoming advisory CVE-2016-6663 will also make the exploitation trivial for certain low-privileged attackers that do not have FILE privilege.

<http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html>

repo_admin.py --cherrypick -r 4.1 -s errata4.1-3 --releasedest 3.3 --dest errata3.3-0 -p mysql-5.5 --ignore-patches r16749

Package: mysql-5.5
Version: 5.5.52-0~ucs3.3.24.201609281417
Branch: ucs_3.3-0
Scope: errata3.3-0

r72877 | Bug #41851: mysql-5.5 UCS-3.3-0 mysql-5.5.yaml

errata-announce -V --only mysql-5.5.yaml --ignore-validate cve

OK - amd64/i386
OK - install/update
OK - build with patches
OK - CVEs
OK - short test (mysql cmdline)
OK - update to 4.1
OK - yaml

<http://errata.software-univention.de/ucs/3.3/16.html>