Univention Bugzilla – Bug 42876
mysql-5.5: Multiple issues (3.3)
Last modified: 2017-07-28 13:14:43 CEST
+++ This bug was initially created as a clone of Bug #42875 +++

New security vulnerabilities have been discovered in MySQL:
* https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html
* http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
* Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. (CVE-2016-5584)
* yaSSL: AES key leak via cache-bank timing side channel attack (CVE-2016-7440)
Fixed in upstream Debian package version 5.5.53-0+deb7u1.
New security vulnerabilities have been discovered in MySQL:
* https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html
* http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL

The current version in UCS 4.1-4 may be affected by these:
CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318
Fixed upstream in 5.5.54-0+deb7u1.
Imported and built. Advisory: mysql-5.5.yaml
Upstream Debian package version 5.5.55-0+deb7u1 fixes these issues:
CVE-2016-5483 CVE-2017-3302 CVE-2017-3305 CVE-2017-3308 CVE-2017-3309 CVE-2017-3329 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3600

Package imported and built. Advisory updated.
mysql-server-5.5 hängt ab von initscripts (>= 2.88dsf-13.3) [NICHT VERFÜGBAR]

Additionally, could you move the advisory into the "staging" subdirectory?
(In reply to Janek Walkenhorst from comment #6)
> Additionally, could you move the advisory into the "staging" subdirectory?

That has already happened.
OK, two svn/patches had been dropped in errata3.3-0; I've rebuilt the package with them.
Advisory: OK
Tests: OK
<http://errata.software-univention.de/ucs/3.3/42.html>