Launchpad.net

CVE 2016-5437

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

Related bugs and status

CVE-2016-5437 (Candidate) is related to these bugs:

Bug #1571865: mysql fails to start after upgrade if previous defaults were customised

		In	Importance	Status
1571865	mysql fails to start after upgrade if previous defaults were customised	mysql-5.7 (Ubuntu)	High	Fix Released
1571865	mysql fails to start after upgrade if previous defaults were customised	Release Notes for Ubuntu	Undecided	Fix Released
1571865	mysql fails to start after upgrade if previous defaults were customised	mysql-5.7 (Ubuntu Xenial)	High	Fix Released

Bug #1574458: Logs.var.log.mysql.error.log.txt contains usernames and passwords

		In	Importance	Status
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.7 (Ubuntu)	High	Fix Released
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.6 (Ubuntu)	Undecided	Invalid
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.5 (Ubuntu)	Undecided	Invalid
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mariadb-5.5 (Ubuntu)	Undecided	Invalid
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mariadb-10.0 (Ubuntu)	Undecided	Invalid
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mariadb-10.0 (Ubuntu Xenial)	Undecided	Confirmed
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.7 (Ubuntu Xenial)	High	Fix Released
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mariadb-5.5 (Ubuntu Trusty)	Undecided	Confirmed
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.5 (Ubuntu Trusty)	Undecided	Confirmed
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mysql-5.6 (Ubuntu Trusty)	Undecided	Invalid
1574458	Logs.var.log.mysql.error.log.txt contains usernames and passwords	mariadb-10.1 (Ubuntu)	Undecided	Confirmed

Bug #1576647: mysqld is not restarted after postinst runs mysql_upgrade

Summary				In	Importance	Status
	1576647	mysqld is not restarted after postinst runs mysql_upgrade		mysql-5.7 (Ubuntu)	Medium	Fix Released
	1576647	mysqld is not restarted after postinst runs mysql_upgrade		mysql-5.7 (Ubuntu Xenial)	Medium	Fix Released

Bug #1577712: mysql_upgrade is called twice concurrently on upgrade from 14.04

Summary				In	Importance	Status
	1577712	mysql_upgrade is called twice concurrently on upgrade from 14.04		mysql-5.7 (Ubuntu)	High	Fix Released
	1577712	mysql_upgrade is called twice concurrently on upgrade from 14.04		mysql-5.7 (Ubuntu Xenial)	High	Fix Released

Bug #1602763: postinst does not print a helpful message when the server will fail to start

Summary				In	Importance	Status
	1602763	postinst does not print a helpful message when the server will fail to start		mysql-5.7 (Ubuntu)	Medium	Fix Released
	1602763	postinst does not print a helpful message when the server will fail to start		mysql-5.7 (Ubuntu Xenial)	Undecided	Fix Released

Bug #1604796: mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug

		In	Importance	Status
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu)	Undecided	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu Yakkety)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu Yakkety)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu Yakkety)	Undecided	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu Precise)	Medium	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu Precise)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu Precise)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu Xenial)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu Xenial)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu Xenial)	Medium	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu Trusty)	Medium	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu Trusty)	Medium	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu Trusty)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.5 (Ubuntu Wily)	Undecided	Invalid
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.6 (Ubuntu Wily)	Medium	Fix Released
1604796	mysql 5.5.50, 5.6.31, 5.7.13 security update tracking bug	mysql-5.7 (Ubuntu Wily)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 91787
UBUNTU: USN-3040-1
BID: 91917
SECTRACK: 1036362