percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-xtrabackup 2.3.7

Bug #1668934 reported by James Page on 2017-03-01
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
percona-galera-3 (Ubuntu)
High
Unassigned
Xenial
High
Unassigned
Yakkety
High
Unassigned
Zesty
High
Unassigned
percona-xtrabackup (Ubuntu)
High
Unassigned
Xenial
High
Unassigned
Yakkety
High
Unassigned
Zesty
High
Unassigned
percona-xtradb-cluster-5.6 (Ubuntu)
High
Unassigned
Xenial
High
Unassigned
Yakkety
High
Unassigned
Zesty
High
Unassigned

Bug Description

[Impact]
The version of percona-xtradb-cluster-5.6 in xenial and later is out of date with know security vulnerabilities; users of this package are a risk of compromise.

[Test Case]
To verify the upgrade to the newer versions is OK, deployment of a three unit pxc cluster with sample date, upgrade to new version and re-verification of data will be undertaken.

[Regression Potential]
Medium; we're re-aligning across all three packages with Percona's upstream repositories however this will require a version dependency bump in percona-xtrabackup (2.2.x -> 2.3.x); this should be fine, but this tool has potential use outside of percona-xtradb-server-5.6 (its great for online backups of MySQL generally).

The test plan covers its use in PXC; however I would propose an extended bake period in -proposed with a call for testing on the ubuntu-server list prior to release to -updates.

[Original Bug Report]
The version of pxc in Ubuntu is really quite old with a number of security vulnerabilities; we should rebase onto the latest 5.6 release from PXC upstream.

https://www.percona.com/doc/percona-xtradb-cluster/5.6/release-notes/release-notes_index.html

James Page (james-page) wrote :

Updates for galera and xtrabackup will also be required to support updating percona-xtradb-cluster-5.6

description: updated
James Page (james-page) wrote :

percona-galera-3: 3.19

James Page (james-page) on 2017-03-01
summary: - [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19
+ [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19
summary: - [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19
+ [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19,
+ percona-xtrabackup 2.3.5
James Page (james-page) on 2017-03-01
summary: [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19,
- percona-xtrabackup 2.3.5
+ percona-xtrabackup 2.3.7
James Page (james-page) on 2017-03-01
Changed in percona-galera-3 (Ubuntu):
importance: Undecided → High
Changed in percona-xtradb-cluster-5.6 (Ubuntu):
importance: Undecided → High
Changed in percona-xtrabackup (Ubuntu):
importance: Undecided → High
status: New → Triaged
Changed in percona-xtradb-cluster-5.6 (Ubuntu):
status: New → Triaged
Changed in percona-galera-3 (Ubuntu):
status: New → Triaged
James Page (james-page) wrote :

I've tested upgrades from the current zesty versions (in a three unit cluster) to the new versions of pxc, xtrabackup and galera in the PPA from #4. This included a sample dataset export from one of the QA OpenStack clouds that we run; package upgrade was clean, with units only dropping from the cluster when the mysqld was down during the package upgrade - mix of old and new versions appeared to be OK during the upgrade process.

Also performed the same testing for xenial based on packages in the PPA (same target versions as for zesty).

summary: - [SRU] percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19,
- percona-xtrabackup 2.3.7
+ percona-xtradb-cluster-5.6 5.6.34-26.19, percona-galera-3 3.19, percona-
+ xtrabackup 2.3.7
James Page (james-page) on 2017-03-03
description: updated
Changed in percona-xtradb-cluster-5.6 (Ubuntu Yakkety):
importance: Undecided → High
status: New → Triaged
Changed in percona-xtradb-cluster-5.6 (Ubuntu Xenial):
importance: Undecided → High
status: New → Triaged
Changed in percona-xtrabackup (Ubuntu Xenial):
importance: Undecided → High
status: New → Triaged
Changed in percona-xtrabackup (Ubuntu Yakkety):
importance: Undecided → High
status: New → Triaged
Changed in percona-galera-3 (Ubuntu Xenial):
importance: Undecided → High
status: New → Triaged
Changed in percona-galera-3 (Ubuntu Yakkety):
importance: Undecided → High
status: New → Triaged
James Page (james-page) wrote :

George

Could you confirm what the percona policy is on behavioural changes within a pxc series between point release updates? I think we understand what happens in the Oracle sourced base MySQL, but have less understanding of what happens in the Percona overlays in percona-server and percona-xtradb-cluster.

James Page (james-page) wrote :

From #debian-openstack:

<georgelorch> jamespage, well, as you already know, PXC is based pn PS, which is based on MySQL, so PXC inherits all changed that occur along the chain. We do not have a stone cut policy on small features improvements within a minor series but generally anything significant must go into the next major series release. So no, minor updates are not limited to bugs only. New features and improvements might come in as well. Anything that might be a major difference like file format changes, deprecation or changing of option behaviors, etc... must only go into new major series releases.

James Page (james-page) wrote :

<jamespage> georgelorch: right that's what I guessed but wanted to make sure - that's reflected in the release notes for 5.6 say

<georgelorch> Honestly I have never seen those guidelines documented anywhere, but that is what we have lived by for my 5 years or so here at Percona. Release notes though are detailed and accurate, at no time will we ever try to 'sneak something through' by not documenting, if it happens, it is a mistake and not intentional.

<rbasak> georgelorch: thanks. So for the feature changes, are there any changes that may change behaviour to users in a way that the user doesn't want?

georgelorch: for example, 5.6.34-26.19 deprecated some options. Is that going to cause users any grief if they want to continue using them? Or for example does the change to wsrep_desync_count affect any behaviour from users' perspectives in a way they may not want?

<georgelorch> rbasak, what do you mean, on minor/point update, the general rule is that users should never even know that an update happened unless absolutely unavoidable to say fix some security issue.
that one I can not answer, I do not work on PXC so really have no idea what it does.
generally though deprecating an option mid series means the option should still be there, just not responsive in the same way and will go away next major release. Some of that is us, some we inherit from our upstreams.

<rbasak> Thanks. "users should never even know..." is what I was looking for :)

<georgelorch> +1

<jamespage> James Page georgelorch: thankyou for clarifying that!

<georgelorch> there are always exceptions, but that is the rule that we go by

James Page (james-page) wrote :

As the primary driver for the stable updates is to resolve the outstanding CVE's since 5.6.21 (which is not an inconsiderable list) its been suggested that this be handled as a security update via the security team.

Subscribed the ubuntu-security team for further information.

Iain Lane (laney) wrote :

As far as the FFe is concerned, it'd be good to run through the SRU test case on Zesty too prior to uploading, but: ack.

James Page (james-page) wrote :

Thanks Iain - uploads made to zesty including the long list of CVE's these uploads resolve.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu1

---------------
percona-galera-3 (3.19-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch,
      gcc6.patch: Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:46:27 +0000

Changed in percona-galera-3 (Ubuntu Zesty):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu1

---------------
percona-xtrabackup (2.3.7-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new upstream release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and xxd.
  * d/control,compat: Bumped debhelper compat level to 9.
  * d/control: Bumped Standards-Version to 3.9.8.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:45:14 +0000

Changed in percona-xtrabackup (Ubuntu Zesty):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu1) zesty; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/control: Add BD on dh-python.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).
  * d/repack.sh: Switch tar file compression to bz2.
  * d/*: wrap-and-sort.
  * d/control,compat: Bump debhelper compat level to 9.

 -- James Page <email address hidden> Mon, 06 Mar 2017 09:41:46 +0000

Changed in percona-xtradb-cluster-5.6 (Ubuntu Zesty):
status: Triaged → Fix Released
James Page (james-page) wrote :

@ubuntu-security-sponsors

I've placed all of the required package updates for xenial and yakkety in;

  https://launchpad.net/~james-page/+archive/ubuntu/pxc-march-2017

Steve Beattie (sbeattie) wrote :

James: thanks for preparing these. I'm copying them over to the security team's proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/) and will get an archive admin to copy the binaries into the respective -proposed pockets when they are ready.

Steve Beattie (sbeattie) wrote :

James, these have now been published to xenial-proposed and yakkety-proposed. Thanks!

James Page (james-page) wrote :

Pre-upgrade test deployment (xenial and yakkety):

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.21-25.8 active 3 percona-cluster jujucharms 253 ubuntu
pxc-y 5.6.21-25.8 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready
pxc-y/0* active idle 3 10.5.26.95 3306/tcp Unit is ready
pxc-y/1 active idle 4 10.5.26.96 3306/tcp Unit is ready
pxc-y/2 active idle 5 10.5.26.94 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova
3 started 10.5.26.95 7c07ca24-f18f-44d5-abda-ca79802b4c1a yakkety nova
4 started 10.5.26.96 bd1e7fb9-dcab-4cc3-9287-fdf5ed884b7e yakkety nova
5 started 10.5.26.94 fcf8e2cc-1185-4b22-b166-a7966f04b337 yakkety nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer
cluster pxc-y pxc-y peer

James Page (james-page) wrote :
Download full text (5.8 KiB)

Xenial post upgrade checks:

$ mysql -u root -pXXXX
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.34-79.1-79.1 Percona XtraDB Cluster (GPL), Release 5.6.34-26.19.4c779b7, wsrep_26.19

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show status like 'wsrep%';
+------------------------------+-------------------------------------------------+
| Variable_name | Value |
+------------------------------+-------------------------------------------------+
| wsrep_local_state_uuid | 8d308825-07cc-11e7-9cd5-1bf73b7ccbf0 |
| wsrep_protocol_version | 7 |
| wsrep_last_committed | 0 |
| wsrep_replicated | 0 |
| wsrep_replicated_bytes | 0 |
| wsrep_repl_keys | 0 |
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 6 |
| wsrep_received_bytes | 1459 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 0 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 0.000000 ...

Read more...

James Page (james-page) wrote :

Xenial status check post upgrade:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer

James Page (james-page) wrote :

(note that charm deployment checks units are healthy and in sync - good status indicated in 'Unit is ready' message).

James Page (james-page) wrote :
Download full text (5.8 KiB)

Yakkety post upgrade sync check:

mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.34-79.1-79.1 Percona XtraDB Cluster (GPL), Release 5.6.34-26.19.4c779b7, wsrep_26.19

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show status like 'wsrep%';
+------------------------------+-------------------------------------------------+
| Variable_name | Value |
+------------------------------+-------------------------------------------------+
| wsrep_local_state_uuid | 9fbaa3b6-07cc-11e7-804b-bf92e2159677 |
| wsrep_protocol_version | 7 |
| wsrep_last_committed | 0 |
| wsrep_replicated | 0 |
| wsrep_replicated_bytes | 0 |
| wsrep_repl_keys | 0 |
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 6 |
| wsrep_received_bytes | 1459 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 0 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 0.000000 ...

Read more...

James Page (james-page) wrote :

Yakkety post upgrade juju status check:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
pxc-y 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu

Unit Workload Agent Machine Public address Ports Message
pxc-y/0* active idle 3 10.5.26.95 3306/tcp Unit is ready
pxc-y/1 active idle 4 10.5.26.96 3306/tcp Unit is ready
pxc-y/2 active idle 5 10.5.26.94 3306/tcp Unit is ready

Machine State DNS Inst id Series AZ
3 started 10.5.26.95 7c07ca24-f18f-44d5-abda-ca79802b4c1a yakkety nova
4 started 10.5.26.96 bd1e7fb9-dcab-4cc3-9287-fdf5ed884b7e yakkety nova
5 started 10.5.26.94 fcf8e2cc-1185-4b22-b166-a7966f04b337 yakkety nova

Relation Provides Consumes Type
cluster pxc-y pxc-y peer

James Page (james-page) wrote :

Also validated that newer pxc version works correctly with percona status check integration via ocf resources when used with corosync and pacemaker:

Model Controller Cloud/Region Version
pxc-testing serverstack-serverstack serverstack/serverstack 2.1-rc2.1

App Version Status Scale Charm Store Rev OS Notes
percona-cluster 5.6.34-26.19 active 3 percona-cluster jujucharms 253 ubuntu
pxc-hacluster active 3 hacluster jujucharms 33 ubuntu

Unit Workload Agent Machine Public address Ports Message
percona-cluster/0 active idle 0 10.5.26.91 3306/tcp Unit is ready
  pxc-hacluster/1 active idle 10.5.26.91 Unit is ready and clustered
percona-cluster/1 active idle 1 10.5.26.92 3306/tcp Unit is ready
  pxc-hacluster/2 active idle 10.5.26.92 Unit is ready and clustered
percona-cluster/2* active idle 2 10.5.26.93 3306/tcp Unit is ready
  pxc-hacluster/0* active idle 10.5.26.93 Unit is ready and clustered

Machine State DNS Inst id Series AZ
0 started 10.5.26.91 80363e57-1284-4876-b8fc-7879088ad5e4 xenial nova
1 started 10.5.26.92 3628153e-a4f3-4b44-99fa-91a32f9a55ac xenial nova
2 started 10.5.26.93 b0e81bd9-42c1-49dd-90a4-130da539e824 xenial nova

Relation Provides Consumes Type
cluster percona-cluster percona-cluster peer
ha percona-cluster pxc-hacluster subordinate
hanode pxc-hacluster pxc-hacluster peer

and crm output

Last updated: Mon Mar 13 09:37:08 2017 Last change: Mon Mar 13 09:33:42 2017 by hacluster via crmd on juju-0b3a19-pxc-testing-0
Stack: corosync
Current DC: juju-0b3a19-pxc-testing-2 (version 1.1.14-70404b0) - partition with quorum
3 nodes and 4 resources configured

Online: [ juju-0b3a19-pxc-testing-0 juju-0b3a19-pxc-testing-1 juju-0b3a19-pxc-testing-2 ]

Full list of resources:

 Resource Group: grp_percona_cluster
     res_mysql_vip (ocf::heartbeat:IPaddr2): Started juju-0b3a19-pxc-testing-0
 Clone Set: cl_mysql_monitor [res_mysql_monitor]
     Started: [ juju-0b3a19-pxc-testing-0 juju-0b3a19-pxc-testing-1 juju-0b3a19-pxc-testing-2 ]

James Page (james-page) wrote :

@Steve

I've performed the upgrade checks as outlined in the original bug report test plan.

James Page (james-page) on 2017-03-16
tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu0.16.10.1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:38:21 +0000

Changed in percona-xtradb-cluster-5.6 (Ubuntu Yakkety):
status: Triaged → Fix Released

The verification of the Stable Release Update for percona-xtradb-cluster-5.6 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu0.16.10.1

---------------
percona-galera-3 (3.19-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch:
      Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.
  * d/p/fix-unaligned-checksum.patch: avoid unaligned access and FTBFS
    on armhf.

 -- James Page <email address hidden> Mon, 06 Mar 2017 13:17:35 +0000

Changed in percona-galera-3 (Ubuntu Yakkety):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu0.16.10.1

---------------
percona-xtrabackup (2.3.7-0ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and vim-common.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:42:42 +0000

Changed in percona-xtrabackup (Ubuntu Yakkety):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtradb-cluster-5.6 - 5.6.34-26.19-0ubuntu0.16.04.1

---------------
percona-xtradb-cluster-5.6 (5.6.34-26.19-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.34-26.19 to fix security issues
    (LP: #1668934):
    - CVE-2015-4766
    - CVE-2015-4792
    - CVE-2015-4800
    - CVE-2015-4802
    - CVE-2015-4815
    - CVE-2015-4819
    - CVE-2015-4826
    - CVE-2015-4830
    - CVE-2015-4833
    - CVE-2015-4836
    - CVE-2015-4858
    - CVE-2015-4861
    - CVE-2015-4862
    - CVE-2015-4864
    - CVE-2015-4866
    - CVE-2015-4870
    - CVE-2015-4879
    - CVE-2015-4890
    - CVE-2015-4895
    - CVE-2015-4904
    - CVE-2015-4905
    - CVE-2015-4910
    - CVE-2015-4913
    - CVE-2015-7744
    - CVE-2016-0503
    - CVE-2016-0504
    - CVE-2016-0505
    - CVE-2016-0546
    - CVE-2016-0594
    - CVE-2016-0595
    - CVE-2016-0596
    - CVE-2016-0597
    - CVE-2016-0598
    - CVE-2016-0600
    - CVE-2016-0605
    - CVE-2016-0606
    - CVE-2016-0607
    - CVE-2016-0608
    - CVE-2016-0609
    - CVE-2016-0610
    - CVE-2016-0611
    - CVE-2016-0616
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047
    - CVE-2016-3452
    - CVE-2016-3459
    - CVE-2016-3471
    - CVE-2016-3477
    - CVE-2016-3486
    - CVE-2016-3492
    - CVE-2016-3501
    - CVE-2016-3521
    - CVE-2016-3614
    - CVE-2016-3615
    - CVE-2016-5439
    - CVE-2016-5440
    - CVE-2016-5444
    - CVE-2016-5507
    - CVE-2016-5584
    - CVE-2016-5609
    - CVE-2016-5612
    - CVE-2016-5626
    - CVE-2016-5627
    - CVE-2016-5629
    - CVE-2016-5630
    - CVE-2016-6662
    - CVE-2016-6663
    - CVE-2016-8283
    - CVE-2016-8284
    - CVE-2016-8288
  * Changes for new upstream version:
    - d/p/fix_mtr_ssl_cert.patch: Drop, included upstream.
    - d/rules,percona-xtradb-cluster-server-5.6.docs: Tweak install
      of tests and docs for new PXC version.
    - d/control: Bump minimum versions of percona-galera-3 and
      percona-xtrabackup.
    - d/rules: Add misc compiler flags to no-error nonnull-compare,
      unused-result and no-deprecated-declarations.
    - d/percona-xtradb-cluster-server-5.6.preinst: Add creation of
      /var/lib/mysql-files as part of package install.
    - d/p/weak-memory-compat.patch: Re-enable builds for architectures
      with weak memory models (ppc64el, arm64, armhf, powerpc, s390x).

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:38:21 +0000

Changed in percona-xtradb-cluster-5.6 (Ubuntu Xenial):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-galera-3 - 3.19-0ubuntu0.16.04.1

---------------
percona-galera-3 (3.19-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 3.19 to support security updates
    for percona-xtradb-server-5.6 (LP: #1668934).
  * Changes for new upstream release:
    - d/p/add-lsb-begin.patch,fix_arm64_ftb.patch,fix_s390x_ftb.patch:
      Dropped, no longer required or included upstream.
    - d/p/*: Refresh.
    - d/control: Add BD on libasio-dev.
  * d/p/fix-unaligned-checksum.patch: avoid unaligned access and FTBFS
    on armhf.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:45:23 +0000

Changed in percona-galera-3 (Ubuntu Xenial):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package percona-xtrabackup - 2.3.7-0ubuntu0.16.04.1

---------------
percona-xtrabackup (2.3.7-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 2.3.7 to fix security issue and to
    support update of percona-xtradb-cluster-5.6 to 5.6.34-26.19
    (LP: #1668934):
    - CVE-2016-6225
  * Updates for new release:
    - d/control: Add new BD's on libcurl4-openssl-dev, libev-dev,
      python-docutils, python-sphinx and vim-common.

 -- James Page <email address hidden> Mon, 06 Mar 2017 10:42:42 +0000

Changed in percona-xtrabackup (Ubuntu Xenial):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers