Security fixes from the April 2016 CPU

Bug #1570808 reported by Norvald H. Ryeng on 2016-04-15
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.7 (Ubuntu)
Undecided
Unassigned

Bug Description

The Oracle Critical Patch Update for April 2016 will be released on Tuesday, April 19. According to the pre-release announcement [1], it will contain information about CVEs fixed in MySQL 5.7.12.

The CVE numbers will be available when the CPU is released.

MySQL 5.7.12 has already been released and is available for download.

[1] http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

information type: Private Security → Public Security
Robie Basak (racb) wrote :

12:25 <rbasak> Incoming security update for MySQL 5.7. The microrelease update is available from upstream, though not the full announcement. Only the pre-announcement: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html

12:25 <rbasak> We'll have a bug to track this in Ubuntu shortly.

12:25 <rbasak> I can upload the update now if that's desirable?

12:25 <rbasak> I also have a NEWS file to add (missed in previous upload) which I presume won't be an issue. No other packaging changes.

Robie Basak (racb) wrote :

This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

tags: added: rls-x-incoming
Robie Basak (racb) wrote :

(that was meant to be in quotes; it is from the Oracle advisory)

Norvald H. Ryeng (nryeng) wrote :

Vulnerabilities fixed by upgrading from 5.7.11 to 5.7.12:

CVE-2016-0639
CVE-2016-0642
CVE-2016-0643
CVE-2016-0647
CVE-2016-0648
CVE-2016-0655
CVE-2016-0657
CVE-2016-0659
CVE-2016-0662
CVE-2016-0666
CVE-2016-0667
CVE-2016-0705
CVE-2016-2047

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers