Bug 42875 - mysql-5.5: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Arvid Requate
QA Contact: Felix Botner
URL: http://www.oracle.com/technetwork/sec...
Depends on:
Blocks: 42876
Reported: 2016-11-08 12:27 CET by Arvid Requate
Modified: 2016-11-23 14:34 CET (History)
What kind of report is it?: Security Issue
Bug group (optional): Security
Description Arvid Requate univentionstaff 2016-11-08 12:27:46 CET
New security vulnerabilities have been discovered in MySQL:

* https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html
* http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL

The current version in UCS 4.1-3 may be affected by these:

* Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-5584)

* yaSSL: AES key leak via cache-bank timing side channel attack (CVE-2016-7440)
Comment 1 Arvid Requate univentionstaff 2016-11-16 16:20:52 CET
Fixed in upstream Debian package version 5.5.53-0+deb7u1.

I imported the package, it's currently building.
Advisory: mysql-5.5.yaml
Comment 2 Felix Botner univentionstaff 2016-11-21 13:14:20 CET
OK - CVE-2016-6662 CVE-2016-7440 CVE-2016-5584
OK - built with univention patches
OK - install/upgrade
OK - YAML
Comment 3 Philipp Hahn univentionstaff 2016-11-23 14:34:22 CET
<http://errata.software-univention.de/ucs/4.1/328.html>