USN-2384-1: MySQL vulnerabilities partially also applies to MariaDB
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mariadb-5.5 (Ubuntu) | Fix Released | Undecided | Otto Kekäläinen |
Bug Description
The mentioned security issues were mostly already fixed in previous MariaDB versions, and the rest of them were fixed in 5.5.40 which is now a security release.
From https:/
MariaDB 5.5.40 is a maintenance release. It includes several bugfixes
and updates, including from MySQL 5.5.40. Notable updates include:
Fixes for the following security vulnerabilities:
CVE-2014-6507
CVE-2014-6491
CVE-2014-6500
CVE-2014-6469
CVE-2014-6555
CVE-2014-6559
CVE-2014-6494
CVE-2014-6496
CVE-2014-6464
On request by the Ubuntu security team I will create a separate version for Trusty upload and add it as a patch to this bug report.
Changed in mariadb-5.5 (Ubuntu):
assignee: nobody → Otto Kekäläinen (otto)
Patch attached. Here are the steps to deploy this patch:
1. apt-get source mariadb-server - on Trusty will download and unpack mariadb-5.5_5.5.39-0ubuntu0.14.04.1.debian.tar.gz
2. Download mariadb-5.5.40.tar.gz from https://downloads.mariadb.org/mariadb/5.5.40/#os_group=source and rename it to mariadb-5.5_5.5.40.orig.tar.gz
3. Check that sha256sum matches: 43490def6fcce33 310ebae49eafe92 dc4ada0e7227202 415a mariadb-5.5_5.5.40.orig.tar.gz
cbde17f4a314831
4. Unpack mariadb-5.5.40.orig.tar.gz, mariadb-5.5.40/ is created
5. Replace upstream mariadb-5.5.40/debian/* with mariadb-5.5-5.5.39/debian/* from Trusty
6. Apply the attached patch mariadb-5.5_5.5.39-0ubuntu0.14.04.1__5.5.40-0ubuntu0.14.04.1.diff on mariadb-5.5.40/debian/
7. Build and ship
I've created test packages that build and pass the test suite. Build logs and installable binaries available at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb
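
Steps 3 to 6 above as a fail-closed script, added here as an example; it is not part of the original comment or the attached patch. The function names are hypothetical, the expected digest is passed in by the caller (take it from the upstream download page), and the `-p1` strip level for the diff is an assumption.

```shell
#!/bin/sh
# Added example (not from the bug report): steps 3-6 with fail-closed checks.
# All paths and the expected digest are caller-supplied arguments.

# verify_orig TARBALL EXPECTED_SHA256 -> 0 match, 1 mismatch, 2 unusable digest
verify_orig() {
    # A SHA-256 digest is exactly 64 hex characters. Reject anything else, so
    # a digest that was truncated or split while being copied is never used.
    case $2 in
        *[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum -- "$1" | cut -d' ' -f1)
    [ "$have" = "$want" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
}

# unpack_verified TARBALL EXPECTED_SHA256 TRUSTY_DEBIAN_DIR WORKDIR
# Prints the path of the prepared source tree on success.
unpack_verified() {
    verify_orig "$1" "$2" || return 1                    # step 3, before any unpack
    top=$(tar -tzf "$1" | head -n 1 | cut -d/ -f1)       # e.g. mariadb-5.5.40
    [ -n "$top" ] || return 1
    mkdir -p "$4" && tar -xzf "$1" -C "$4" || return 1   # step 4
    rm -rf "$4/$top/debian" || return 1                  # step 5: drop upstream debian/
    cp -a "$3" "$4/$top/debian" || return 1              #         use the Trusty one
    printf '%s\n' "$4/$top"
}

# apply_packaging_patch SRC_TREE PATCH_FILE (step 6)
# Assumption: the diff applies with -p1 inside debian/; adjust to the patch.
apply_packaging_patch() {
    # Dry run first: a patch that does not apply cleanly leaves the tree untouched.
    patch -d "$1/debian" -p1 --dry-run < "$2" >/dev/null || return 1
    patch -d "$1/debian" -p1 < "$2" >/dev/null
}
```

Because the digest check runs before `tar -xzf`, a tampered or corrupted download is rejected without any of its contents being written to the work directory.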