mysql 5.5.44, 5.6.25 security update tracking bug

Bug #1475294 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-5.5 (Ubuntu)
Invalid
Undecided
Unassigned
Precise
Fix Released
Medium
Marc Deslauriers
Trusty
Fix Released
Medium
Marc Deslauriers
Utopic
Fix Released
Medium
Marc Deslauriers
Vivid
Invalid
Undecided
Unassigned
Wily
Invalid
Undecided
Unassigned
mysql-5.6 (Ubuntu)
Fix Released
Medium
Marc Deslauriers
Precise
Invalid
Undecided
Unassigned
Trusty
Confirmed
Undecided
Unassigned
Utopic
Confirmed
Undecided
Unassigned
Vivid
Fix Released
Medium
Marc Deslauriers
Wily
Fix Released
Medium
Marc Deslauriers
Changed in mysql-5.5 (Ubuntu):
status: New → Invalid
Changed in mysql-5.5 (Ubuntu Precise):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Trusty):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Utopic):
status: New → Confirmed
Changed in mysql-5.5 (Ubuntu Precise):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in mysql-5.5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.6 (Ubuntu):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in mysql-5.5 (Ubuntu Vivid):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Precise):
status: New → Invalid
Changed in mysql-5.6 (Ubuntu Trusty):
status: New → Invalid
status: Invalid → Confirmed
Changed in mysql-5.6 (Ubuntu Utopic):
status: New → Confirmed
Changed in mysql-5.6 (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in mysql-5.6 (Ubuntu Wily):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.14.10.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.14.10.1) utopic-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 11:52:48 -0400

Changed in mysql-5.5 (Ubuntu Utopic):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.12.04.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 13:59:34 -0400

Changed in mysql-5.5 (Ubuntu Precise):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.5 - 5.5.44-0ubuntu0.14.04.1

---------------
mysql-5.5 (5.5.44-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2620
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757

 -- Marc Deslauriers <email address hidden> Thu, 16 Jul 2015 13:36:50 -0400

Changed in mysql-5.5 (Ubuntu Trusty):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.6 - 5.6.25-0ubuntu0.15.04.1

---------------
mysql-5.6 (5.6.25-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * SECURITY UPDATE: Update to 5.6.25 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2611
    - CVE-2015-2617
    - CVE-2015-2620
    - CVE-2015-2639
    - CVE-2015-2641
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-2661
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757
    - CVE-2015-4761
    - CVE-2015-4767
    - CVE-2015-4769
    - CVE-2015-4771
    - CVE-2015-4772

 -- Marc Deslauriers <email address hidden> Tue, 21 Jul 2015 07:21:06 -0400

Changed in mysql-5.6 (Ubuntu Vivid):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-5.6 - 5.6.25-0ubuntu1

---------------
mysql-5.6 (5.6.25-0ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: Update to 5.6.25 to fix security issues (LP: #1475294)
    - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
    - CVE-2015-2582
    - CVE-2015-2611
    - CVE-2015-2617
    - CVE-2015-2620
    - CVE-2015-2639
    - CVE-2015-2641
    - CVE-2015-2643
    - CVE-2015-2648
    - CVE-2015-2661
    - CVE-2015-4737
    - CVE-2015-4752
    - CVE-2015-4757
    - CVE-2015-4761
    - CVE-2015-4767
    - CVE-2015-4769
    - CVE-2015-4771
    - CVE-2015-4772

 -- Marc Deslauriers <email address hidden> Tue, 21 Jul 2015 07:09:29 -0400

Changed in mysql-5.6 (Ubuntu Wily):
status: Confirmed → Fix Released
Revision history for this message
Felipe Reyes (freyes) wrote :

mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] :

"""
Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
"""

[0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.