Univention Bugzilla – Bug 42875
mysql-5.5: Multiple issues (4.1)
Last modified: 2016-11-23 14:34:22 CET
New security vulnerabilities have been discovered in MySQL: * https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html * http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL The current version in UCS 4.1-3 may be affected by these: * Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-5584) * yaSSL: AES key leak via cache-bank timing side channel attack (CVE-2016-7440)
Fixed in upstream Debian package version 5.5.53-0+deb7u1. I imported the package, it's currently building. Advisory: mysql-5.5.yaml
OK - CVE-2016-6662 CVE-2016-7440 CVE-2016-5584 OK - built with univention patches OK - install/upgrade OK - YAML
<http://errata.software-univention.de/ucs/4.1/328.html>