USN-2291-1: MySQL vulnerabilities also applies to MariaDB
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mariadb-5.5 (Ubuntu) | Fix Released | Undecided | Otto Kekäläinen |
Bug Description
The security notice http://
Here is the changelog in Debian (http://
mariadb-5.5 (5.5.39-1) unstable; urgency=low
* New upstream release.
* Fixes an error when handling MyISAM temporary files can be
exploited to execute arbitrary code (Secunia Advisory SA60599)
* Add patch to fix kFreeBSD builds
* Fixed wrongly applied fix of MDEV-5957 (Closes: #752203)
mariadb-5.5 (5.5.38-1) unstable; urgency=low
* New upstream release.
* Added upstream release signing key in preparation for future use
* Made libterm-
* Add patch to fix HPPA build error (Closes: #751805)
* Fixed lots and lots of Lintian warnings
* Disabled TokuDB (Closes: #753222). Remember to re-enable if once
https:/
* Add in retrospect corresponding MariaDB CVEs for
Oracle SPU July 2014 (Closes: #754940)
- CVE-2014-2494
- CVE-2014-4207
- CVE-2014-4243
- CVE-2014-4258
- CVE-2014-4260
MariaDB 5.5.39 has been in Debian for a while, and the backported version is available at https:/
On request by the Ubuntu security team I will create a separate version for Trusty upload and add it as a patch to this bug report.
Changed in mariadb-5.5 (Ubuntu):
assignee: nobody → Otto Kekäläinen (otto)
status: New → In Progress
information type: Private Security → Public Security
Patch attached. Here are the steps to deploy this patch:
1. apt-get source mariadb-server - on Trusty will download and unpack mariadb-5.5_5.5.37-0ubuntu0.14.04.1.debian.tar.gz
2. Download mariadb-5.5.39.tar.gz from https://downloads.mariadb.org/mariadb/5.5.39/#os_group=source and rename it to mariadb-5.5_5.5.39.orig.tar.gz
3. Check that sha256sum matches: f01c99a612cc75b 76ead5d75adfa75 a606f453d32f908 9d14 mariadb-5.5.39.orig.tar.gz
cb850865ab55ce5
4. Unpack mariadb-5.5.39.orig.tar.gz, mariadb-5.5.39/ is created
5. Replace upstream mariadb-5.5.39/debian/* with mariadb-5.5-5.5.37/debian/* from Trusty
6. Apply the attached patch mariadb-5.5_5.5.37-0ubuntu0.14.04.1__5.5.39-0ubuntu0.14.04.1.diff on mariadb-5.5.39/debian/
7. Build and ship
Unlike #1313187 I don't have time now to create test repos, but I guess they are not needed.
For more information about MariaDB in Debian and Ubuntu, please see https://wiki.debian.org/Teams/MySQL/MariaDBPlan
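
Steps 3 to 6 of the procedure above, written as one fail-closed shell function (an added example, not part of the original report or of the attached patch). The function name, its argument order and the -p1 strip level are assumptions; the expected digest is passed in by the caller.

```bash
# Added example: steps 3-6 of the procedure above as one fail-closed function.
# Usage: stage_update ORIG_TARBALL EXPECTED_SHA256 OLD_DEBIAN_DIR PATCH_FILE WORKDIR
# PATCH_FILE must be an absolute path. The -p1 strip level is an assumption;
# the report does not say how the attached diff was generated.
stage_update() (
    tarball=$1 expected=$2 old_debian=$3 patch_file=$4 workdir=$5

    # Step 3: compare digests before anything from the archive is unpacked.
    actual=$(sha256sum "$tarball" | cut -d' ' -f1) || exit 1
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $tarball: got $actual" >&2
        exit 2
    fi

    # Step 4: unpack, but only if the archive has a single, plainly named
    # top-level directory (rejects several roots, "..", and odd characters).
    top=$(tar -tzf "$tarball" | cut -d/ -f1 | sort -u) || exit 1
    case $top in
        ''|.|..|*[!A-Za-z0-9._+-]*)
            echo "unexpected archive layout" >&2; exit 3 ;;
    esac
    mkdir -p "$workdir" || exit 1
    tar -xzf "$tarball" -C "$workdir" || exit 1

    # Step 5: replace upstream's debian/ with the packaging from the old release.
    rm -rf "$workdir/$top/debian"
    cp -a "$old_debian" "$workdir/$top/debian" || exit 1

    # Step 6: dry-run first so a rejected hunk leaves the tree untouched.
    cd "$workdir/$top/debian" || exit 1
    patch -p1 --quiet --dry-run < "$patch_file" || exit 4
    patch -p1 --quiet < "$patch_file" || exit 4

    # Print the prepared source tree; step 7 (the build) starts from here.
    printf '%s\n' "$workdir/$top"
)
```

A non-zero exit code identifies the step that failed: 2 for a digest mismatch, 3 for an unexpected archive layout, 4 for a patch that does not apply.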