[USN-3867-1] MySQL vulnerabilities


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

protocol=”application/pgp-signature”;
boundary=”KbjKtuRqhL1FBWWVGME62C2GLb6wR9xs9″

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–KbjKtuRqhL1FBWWVGME62C2GLb6wR9xs9

protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: “ubuntu-security-announce@lists.ubuntu.com”

Message-ID:
Subject: [USN-3867-1] MySQL vulnerabilities

–nC6sICB4iDGiQRWnSYM6T1UY1mpr02STj

Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3867-1
January 23, 2019

mysql-5.7 vulnerabilities
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
– mysql-5.7: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update include=
s
a new upstream MySQL version to fix these issues.

Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to=

MySQL 5.7.25.

In addition to security fixes, the updated packages contain bug fixes, ne=
w
features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.h=
tml

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
mysql-server-5.7 5.7.25-0ubuntu0.18.10.2

Ubuntu 18.04 LTS:
mysql-server-5.7 5.7.25-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.25-0ubuntu0.16.04.2

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3867-1
CVE-2019-2420, CVE-2019-2434, CVE-2019-2455, CVE-2019-2481,
CVE-2019-2482, CVE-2019-2486, CVE-2019-2503, CVE-2019-2507,
CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2531,
CVE-2019-2532, CVE-2019-2534, CVE-2019-2537

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.25-0ubuntu0.18.10.2
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.25-0ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.25-0ubuntu0.16.04.2

–nC6sICB4iDGiQRWnSYM6T1UY1mpr02STj–

–KbjKtuRqhL1FBWWVGME62C2GLb6wR9xs9

Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxIqeMACgkQZWnYVadE
vpN2uA//aHJzegO15TKQVeVC6WfW/cuAPpIXCV+MDYzX6xXzwot/nvXM4uhSty1D
4jUPIuQXK7Ow7enWXCbZjuct0qxkfUnbPJcGXlPvgPfVQEv3I52E6aah3qQc/P0M
CGTbPjYM6dRe7VTMqZobkGOd41mg6kYkHfm3+H1hGazFA0ArqoN0zFawOrzdj/Ka
C1NUdwTxQf8cUq60zpLUDvYeTuI5njBeeLiokTxIUaXblE/McsVvVjDv9BGWVBw9
uVqpesJ3xTUGS9pksTVHJ7xo9twy0bDo46c2m49SRQlp+Qs6Xf7/hycToSLjieDz
vSstPG4QDtWOLLcpG2vOQw9t2vYWzFzdWOhlbRFYWkaa0fpK9wtt4bIcyfzKe2Eu
cU+L0EgrqpxwwG0wWM6i5YrceyfW+qLgZx62ipZ4+4V6ZM36kK7ygwe6x2/ManDd
9AwqL1GJyxYvY5ly3gbmXjetmDPBPHI0T0Pj57CqZuQ+VET7mrPn5Hnk694JI6C4
A2gnUeJu/Nmyx6lrH+r7T53DdHt+EBWxOCFAHpXE4KTv9ErzAkYsIyElxvmEEflv
yEfga7H4jiEdX6dCoJwQivZghDkNM8CgJXXTYeBiiLSEMbX7+fx9qz8b8g/AKG2R
FeFIfqBlMcUyS2eYC6NWlct2eTuB8PRSEVnkHkaCXOpb5s4Ysu0=
=Gk47
—–END PGP SIGNATURE—–

–KbjKtuRqhL1FBWWVGME62C2GLb6wR9xs9–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK