drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in MySQL
Name: |
Ausführen beliebiger Kommandos in MySQL |
|
ID: |
USN-3078-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Mi, 14. September 2016, 06:25 |
|
Referenzen: |
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html |
|
Applikationen: |
MySQL |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7900524788810367410== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9 Content-Type: multipart/mixed; boundary="RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <0784628c-022d-7b85-70a3-fb517a465dc3@canonical.com> Subject: [USN-3078-1] MySQL vulnerability
--RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3078-1 September 13, 2016
mysql-5.5, mysql-5.7 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
MySQL could be made to run programs as an administrator.
Software Description: - mysql-5.7: MySQL database - mysql-5.5: MySQL database
Details:
Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges.
MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: mysql-server-5.7 5.7.15-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: mysql-server-5.5 5.5.52-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: mysql-server-5.5 5.5.52-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3078-1 CVE-2016-6662
Package Information: https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.15-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.12.04.1
--RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n--
--NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJX2DfvAAoJEGVp2FWnRL6TRv8P/2bljELxWtljyMrelDKPT+wF px2t0k6pHJXe3QaXEbGw6uH5xSdKPoX85zuBNnMHwS9uaRQo1RQhYC//3xgTMP6M SGLgTm4l3HxG3V8iEM3AbsVAeexLG4fby2mMpZmahzn3SafeEZUUy8HsqKSMP2gS mExYzb8dM02adHBO+O8W1DF0DSjNsaPh1Zd+ASuPGYsIx/izaULC/fRT12RiNzqZ bm6nDnZrWFJkAHfkdjyOzCgQl9IB+M+sEuJyngbba1x//wkOG4NfO1ELLWUdn+YD w5jRkhj9Opt+tmvqpCR/nEM88cl4PcQIBNyB8+MgeoL2V/FQOCl2j+59vGegxIFl 7LMkJdQzv78TpMeNQznX2/r7qaig3GYsolw6IpPs54/a/NUqx4AZsxmJ1d8p5ED8 qYNA7YLTlVx5IqN3NguHbZa0V+UHX9Tm2vB1LMvAV8Pc+qKcH6Eem3tt/XT3lsYY +jetXa+CZobcpjPaJFgnGE3/pO0dC2MPEuy9hNOCxBMo31zAZBgSEhVXcwvPjcBp 7Ba89RpgDBtPlFLLERo98z3IFryMAeAf5ZeDXRsLWG29+j1nmGqrTRbsokEx/nEZ O39kcBuzewpPHlVb+Ji3b+LRx1Gw0ZweyvPxhnfWoluDZnezl0Sc+LXXuK8EpqXl 4+BBFvFKWZx/Kt+C4UPm =hKdQ -----END PGP SIGNATURE-----
--NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9--
--===============7900524788810367410== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7900524788810367410==--
|
|
|
|