USN-2480-1: MySQL vulnerabilities partially also applies to MariaDB
Bug #1414755 reported by
Otto Kekäläinen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mariadb-5.5 (Ubuntu) |
Fix Released
|
Undecided
|
Otto Kekäläinen |
Bug Description
The mentioned security issues where mostly already fixed in previous MariaDB versions, and the rest of them where fixed in 5.5.41 which is now a security release.
From https:/
Fixes for the following security vulnerabilities:
CVE-2015-0411
CVE-2015-0382
CVE-2015-0381
CVE-2015-0432
CVE-2014-6568
CVE-2015-0374
I will produce a security release and upload it as a patch to this bug report.
Changed in mariadb-5.5 (Ubuntu): | |
assignee: | nobody → Otto Kekäläinen (otto) |
status: | New → In Progress |
information type: | Private Security → Public Security |
To post a comment you must log in.
1) Patches have been created:
The patch debdiff patch for Trusty is essentially this: /github. com/ottok/ mariadb- 5.5/compare/ ubuntu/ 5.5.40- 0ubuntu0. 14.04.1. ..ubuntu- 14.04
https:/
And for Utopic this: /github. com/ottok/ mariadb- 5.5/compare/ ubuntu/ 5.5.40- 0ubuntu0. 14.10.1. ..ubuntu- 14.10
https:/
Apply the patches above on top of the current 5.5.40 package in Ubuntu and for the non debian/* stuff, get the upstream mariadb- 5.5.41. tar.gz package from MariaDB.org.
Vivid MariaDB 5.5 should be removed. Debian unstable at the moment only contains MariaDB 10.0 and so should Vivid too.
After this upgrade the MariaDB 5.5 in Trusty and Utopic are unified.
2) Testing the patches
Test build (including test suite) for Trusty and Utopic has passed successfully at https:/ /launchpad. net/~mysql- ubuntu/ +archive/ ubuntu/ mariadb/ +packages
I will still do some testing upgrading/ installing the Trusty package on a test machine.
I will comment on this issue when my manual tests are completed.