==========================================================================
Ubuntu Security Notice USN-3078-1
September 13, 2016
mysql-5.5, mysql-5.7 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
MySQL could be made to run programs as an administrator.
Software Description:
– mysql-5.7: MySQL database
– mysql-5.5: MySQL database
Details:
Dawid Golunski discovered that MySQL incorrectly handled configuration
files. A remote attacker could possibly use this issue to execute arbitrary
code with root privileges.
MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.15-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.52-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
mysql-server-5.5 5.5.52-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3078-1
CVE-2016-6662
Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.15-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.12.04.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJX2DfvAAoJEGVp2FWnRL6TRv8P/2bljELxWtljyMrelDKPT+wF
px2t0k6pHJXe3QaXEbGw6uH5xSdKPoX85zuBNnMHwS9uaRQo1RQhYC//3xgTMP6M
SGLgTm4l3HxG3V8iEM3AbsVAeexLG4fby2mMpZmahzn3SafeEZUUy8HsqKSMP2gS
mExYzb8dM02adHBO+O8W1DF0DSjNsaPh1Zd+ASuPGYsIx/izaULC/fRT12RiNzqZ
bm6nDnZrWFJkAHfkdjyOzCgQl9IB+M+sEuJyngbba1x//wkOG4NfO1ELLWUdn+YD
w5jRkhj9Opt+tmvqpCR/nEM88cl4PcQIBNyB8+MgeoL2V/FQOCl2j+59vGegxIFl
7LMkJdQzv78TpMeNQznX2/r7qaig3GYsolw6IpPs54/a/NUqx4AZsxmJ1d8p5ED8
qYNA7YLTlVx5IqN3NguHbZa0V+UHX9Tm2vB1LMvAV8Pc+qKcH6Eem3tt/XT3lsYY
+jetXa+CZobcpjPaJFgnGE3/pO0dC2MPEuy9hNOCxBMo31zAZBgSEhVXcwvPjcBp
7Ba89RpgDBtPlFLLERo98z3IFryMAeAf5ZeDXRsLWG29+j1nmGqrTRbsokEx/nEZ
O39kcBuzewpPHlVb+Ji3b+LRx1Gw0ZweyvPxhnfWoluDZnezl0Sc+LXXuK8EpqXl
4+BBFvFKWZx/Kt+C4UPm
=hKdQ
—–END PGP SIGNATURE—–
—