[USN-3629-3] MySQL vulnerabilities


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============9016124930658641880==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”n6gDkVeX9s8u32ZnynB3glEBRfAUicUzO”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–n6gDkVeX9s8u32ZnynB3glEBRfAUicUzO
Content-Type: multipart/mixed; boundary=”tyF2kRvdmcbyAG8lYrZWZdGx9P2WSc9wx”;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: “ubuntu-security-announce@lists.ubuntu.com”

Message-ID:
Subject: [USN-3629-3] MySQL vulnerabilities

–tyF2kRvdmcbyAG8lYrZWZdGx9P2WSc9wx
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3629-3
April 30, 2018

mysql-5.7 vulnerabilities
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
– mysql-5.7: MySQL database

Details:

USN-3629-1 fixed vulnerabilities in MySQL. This update provides the
corresponding updates for Ubuntu 18.04 LTS.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includ=
es
new upstream MySQL versions to fix these issues.
MySQL has been updated to 5.5.60 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,=
and
Ubuntu 17.10 have been updated to MySQL 5.7.22.
In addition to security fixes, the updated packages contain bug fixes, =
new
features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-60.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-22.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.h=
tml

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
mysql-server-5.7 5.7.22-0ubuntu18.04.1

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3629-3
https://usn.ubuntu.com/usn/usn-3629-1
CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761,
CVE-2018-2762, CVE-2018-2766, CVE-2018-2769, CVE-2018-2771,
CVE-2018-2773, CVE-2018-2775, CVE-2018-2776, CVE-2018-2777,
CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,
CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787,
CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, CVE-2018-2816,
CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839,
CVE-2018-2846

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.22-0ubuntu18.04.1

–tyF2kRvdmcbyAG8lYrZWZdGx9P2WSc9wx–

–n6gDkVeX9s8u32ZnynB3glEBRfAUicUzO
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJa50uBAAoJEGVp2FWnRL6TZloQAJNVywQgoAea22OFiIFiPhme
3GdYqq8dHmOpoVpiv010yDxcOLyEAzuvn5MPeu2bUbDhgcSS5XYrnQfSJeX8J+QJ
WnIirJu9KvBr2KtTsfE4Ag+P6djffFGlZDeb0nPpumQw2s6u5JGlMgQg04uHKilD
gBemSpJWdnf2uo+b7aC1AcgQu4VAD0X4imo0xh/+Ls0j2lj+oHpSd4YK8lJ/5Tm/
LGCleXYAmrSYJl/ggjwcKNQRwExTLEOxwua6FNN2fm+sHPOZ8AKaWP/jfwM8t5T+
335D7fKZpenEjRnMLDcfBlwCWoUtDpyQiAM0SMYq++uYl1khAdNYhPFiMsXddTOs
TKSk3bIIPyOTy39DQoRONWQEHBWDRgcHqY9b6dmU0jg3FGoF1/OU1/qrUzf6fmpf
T0EYYNDc2NJ2EzUoZ79sMracSZbuIo+DVbEqRU7cpKU0rRDAJERh9a6qKfzp7nBu
Qk2l++T5bHSo5MYxOM98Kys62SfkBmzvktot5B4BpJJ86d0uJirHMB5X92xUpbwz
Kp5k2B4zpRM0R5gbPehCTy79vaTwi/QS0LgscxTRbZ180QX8crOSlLr7bd0FwrzN
BLPFaQN3lkIzvexqBikdexTCEU8+gFGmk5mYveTYlSBivMaliu5H/4iwHULUpucK
0fUTFPjS7iK07woQXHTX
=P1FP
—–END PGP SIGNATURE—–

–n6gDkVeX9s8u32ZnynB3glEBRfAUicUzO–

–===============9016124930658641880==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============9016124930658641880==–