
[USN-2170-1] MySQL vulnerabilities

Posted on 23 April 2014
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-2170-1
April 23, 2014

mysql-5.5 vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.5: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues. MySQL has been updated to
5.5.37.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Additionally, Matthias Reichl discovered that the mysql-5.5 packages were
missing the patches applied previously in the mysql-5.1 packages to drop
the default test database and localhost permissions granting access to any
databases starting with "test_". This update reintroduces these patches for
Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10. Existing test databases
and permissions will not be modified on upgrade. To manually restrict
access for existing installations, please refer to the following:

http://dev.mysql.com/doc/refman/5.5/en/default-privileges.html
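
One way to audit and remove the leftover test grants on an existing
installation. This is an added example, not part of the Ubuntu notice; it
assumes a MySQL 5.5 session with privileges on the mysql schema (for
instance the MySQL root account) and the standard grant table layout.

```sql
-- Added example: run from a privileged MySQL session (assumption).

-- 1. Audit: db-level grant rows that cover "test" and "test_*" databases.
--    An empty User column means the row applies to any account connecting
--    from a matching Host, including anonymous ones.
SELECT Host, Db, User,
       Select_priv, Insert_priv, Update_priv, Delete_priv,
       Create_priv, Drop_priv
  FROM mysql.db
 WHERE Db LIKE 'test%';

-- 2. Audit: databases that those rows make reachable.
--    '\_' matches a literal underscore rather than any single character.
SELECT SCHEMA_NAME
  FROM information_schema.SCHEMATA
 WHERE SCHEMA_NAME = 'test'
    OR SCHEMA_NAME LIKE 'test\_%';

-- 3. Remediate after reviewing step 1. This deletes every row step 1
--    returned, so re-create any grant on a "test..." database that a
--    named account legitimately needs.
DELETE FROM mysql.db WHERE Db LIKE 'test%';

-- Direct edits to the grant tables take effect only after a reload.
FLUSH PRIVILEGES;

-- 4. Drop the default test database if nothing depends on it.
DROP DATABASE IF EXISTS test;

-- 5. Verify: re-run the audit to confirm no matching grant rows remain.
SELECT COUNT(*) AS remaining_test_grants
  FROM mysql.db
 WHERE Db LIKE 'test%';
```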

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.37-0ubuntu0.14.04.1

Ubuntu 13.10:
mysql-server-5.5 5.5.37-0ubuntu0.13.10.1

Ubuntu 12.10:
mysql-server-5.5 5.5.37-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
mysql-server-5.5 5.5.37-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2170-1
CVE-2014-0001, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430,
CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438,
CVE-2014-2440

Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.37-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.37-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.37-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.37-0ubuntu0.12.04.1

 
