mysql 5.5.44, 5.6.25 security update tracking bug

Bug #1475294 reported by Marc Deslauriers on 2015-07-16
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.5 (Ubuntu)
Undecided
Unassigned
Precise
Medium
Marc Deslauriers
Trusty
Medium
Marc Deslauriers
Utopic
Medium
Marc Deslauriers
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
mysql-5.6 (Ubuntu)
Medium
Marc Deslauriers
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Medium
Marc Deslauriers
Wily
Medium
Marc Deslauriers
Changed in mysql-5.5 (Ubuntu):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Precise):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Trusty):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Utopic):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Precise):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.6 (Ubuntu):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Vivid):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Trusty):
status: New → Invalid
status: Invalid → Confirmed
Changed in mysql-5.6 (Ubuntu Utopic):
status: New → Confirmed
Changed in mysql-5.6 (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in mysql-5.6 (Ubuntu Wily):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.14.10.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.14.10.1) utopic-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 11:52:48 -0400

Changed in mysql-5.5 (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.12.04.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 13:59:34 -0400

Changed in mysql-5.5 (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.14.04.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 13:36:50 -0400

Changed in mysql-5.5 (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.6 - 5.6.25-0ubuntu0.15.04.1

---------------
mysql-5.6 (5.6.25-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.25 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2611
    - CVE-2015-2617
    - CVE-2015-2620
    - CVE-2015-2639
    - CVE-2015-2641
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-2661
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757
    - CVE-2015-4761
    - CVE-2015-4767
    - CVE-2015-4769
    - CVE-2015-4771
    - CVE-2015-4772

 -- Marc Deslauriers <email address hidden> Tue, 21 Jul 2015 07:21:06 -0400

Changed in mysql-5.6 (Ubuntu Vivid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.6 - 5.6.25-0ubuntu1

---------------
mysql-5.6 (5.6.25-0ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: Update to 5.6.25 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2611
    - CVE-2015-2617
    - CVE-2015-2620
    - CVE-2015-2639
    - CVE-2015-2641
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-2661
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757
    - CVE-2015-4761
    - CVE-2015-4767
    - CVE-2015-4769
    - CVE-2015-4771
    - CVE-2015-4772

 -- Marc Deslauriers <email address hidden> Tue, 21 Jul 2015 07:09:29 -0400

Changed in mysql-5.6 (Ubuntu Wily):
status: Confirmed → Fix Released
Felipe Reyes (freyes) wrote :

mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] :

"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""

[0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers