[Bug 1309662] Re: mysql 5.5.37 security update tracking bug
Launchpad Bug Tracker
1309662 at bugs.launchpad.net
Wed Apr 23 12:43:12 UTC 2014
This bug was fixed in the package mysql-5.5 - 5.5.37-0ubuntu0.13.10.1
---------------
mysql-5.5 (5.5.37-0ubuntu0.13.10.1) saucy-security; urgency=medium
* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- CVE-2014-0001
- CVE-2014-0384
- CVE-2014-2419
- CVE-2014-2430
- CVE-2014-2431
- CVE-2014-2432
- CVE-2014-2436
- CVE-2014-2438
- CVE-2014-2440
* Drop creation of insecure database permissions:
- d/p/33_scripts__mysql_create_system_tables__no_test.patch,
d/p/41_scripts__mysql_install_db.sh__no_test.patch,
d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
package, inadvertently dropped in 5.5 transition. This
removes the global anonymous access to the database which
is a security concern.
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Sat, 19 Apr 2014 20:45:09 -0400
** Changed in: mysql-5.5 (Ubuntu Saucy)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0001
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0384
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2419
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2430
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2431
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2432
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2436
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2438
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2440
** Changed in: mysql-5.5 (Ubuntu Quantal)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-5.5 in Ubuntu.
https://bugs.launchpad.net/bugs/1309662
Title:
mysql 5.5.37 security update tracking bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1309662/+subscriptions
More information about the Ubuntu-server-bugs
mailing list