Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in MySQL
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in MySQL
ID: USN-3078-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Datum: Mi, 14. September 2016, 06:25
Referenzen: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html
Applikationen: MySQL

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7900524788810367410==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9
Content-Type: multipart/mixed;
 boundary="RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <0784628c-022d-7b85-70a3-fb517a465dc3@canonical.com>
Subject: [USN-3078-1] MySQL vulnerability

--RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3078-1
September 13, 2016

mysql-5.5, mysql-5.7 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

MySQL could be made to run programs as an administrator.

Software Description:
- mysql-5.7: MySQL database
- mysql-5.5: MySQL database

Details:

Dawid Golunski discovered that MySQL incorrectly handled configuration
files. A remote attacker could possibly use this issue to execute arbitrary
code with root privileges.

MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  mysql-server-5.7                5.7.15-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  mysql-server-5.5                5.5.52-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  mysql-server-5.5                5.5.52-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-3078-1
  CVE-2016-6662

Package Information:
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.15-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.52-0ubuntu0.12.04.1



--RajVnlkbk1tNOdgwLTET8qDa38iI6FN2n--

--NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJX2DfvAAoJEGVp2FWnRL6TRv8P/2bljELxWtljyMrelDKPT+wF
px2t0k6pHJXe3QaXEbGw6uH5xSdKPoX85zuBNnMHwS9uaRQo1RQhYC//3xgTMP6M
SGLgTm4l3HxG3V8iEM3AbsVAeexLG4fby2mMpZmahzn3SafeEZUUy8HsqKSMP2gS
mExYzb8dM02adHBO+O8W1DF0DSjNsaPh1Zd+ASuPGYsIx/izaULC/fRT12RiNzqZ
bm6nDnZrWFJkAHfkdjyOzCgQl9IB+M+sEuJyngbba1x//wkOG4NfO1ELLWUdn+YD
w5jRkhj9Opt+tmvqpCR/nEM88cl4PcQIBNyB8+MgeoL2V/FQOCl2j+59vGegxIFl
7LMkJdQzv78TpMeNQznX2/r7qaig3GYsolw6IpPs54/a/NUqx4AZsxmJ1d8p5ED8
qYNA7YLTlVx5IqN3NguHbZa0V+UHX9Tm2vB1LMvAV8Pc+qKcH6Eem3tt/XT3lsYY
+jetXa+CZobcpjPaJFgnGE3/pO0dC2MPEuy9hNOCxBMo31zAZBgSEhVXcwvPjcBp
7Ba89RpgDBtPlFLLERo98z3IFryMAeAf5ZeDXRsLWG29+j1nmGqrTRbsokEx/nEZ
O39kcBuzewpPHlVb+Ji3b+LRx1Gw0ZweyvPxhnfWoluDZnezl0Sc+LXXuK8EpqXl
4+BBFvFKWZx/Kt+C4UPm
=hKdQ
-----END PGP SIGNATURE-----

--NWX6MFfMEeMxFI3gntCAifIKUueVRGnV9--


--===============7900524788810367410==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7900524788810367410==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung