[SECURITY] [DSA 3377-1] mysql-5.5 security update

Salvatore Bonaccorso <carnil@xxxxxxxxxx> · Sat, 24 Oct 2015 08:06:52 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3377-1                   security@xxxxxxxxxx
https://www.debian.org/security/                     Salvatore Bonaccorso
October 24, 2015                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816
                 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836
                 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879
                 CVE-2015-4913
Debian Bug     : 802564

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html
 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

For the oldstable distribution (wheezy), these problems have been fixed
in version 5.5.46-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 5.5.46-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWKzv9AAoJEAVMuPMTQ89E41QP/jcGxt1XhvT8aOijsMaueql7
oh3C5JnDl1EZGJbwFeFo5mCeiuYTirMJ86nc6Sb8FBn2I4/PChkmIQDen2O6E5w5
8RNb3ANnyhGLcXPZ/2nybQjTDRNQ501ZELm1Nl6Tbcfs7LEDYIrpNuxlI1OgQVeU
r5n6H4/iFKfakikxx/nzcMjp5+43A9wvNmVvkrg3FK7sMKs/WvaTtKm12sBi2LKo
FHhJJbBabo97McaH5kQoTkqz8m2REhb3b+/P65eRDYPmOzb+ylsujlz0wqjHPtXd
MmcdKyt24Z7Ra222WVJhl/vP0MuKQu5GX8IiSgRRYbTQXNrAUzPxpR4ACj+jtaG6
DKYgAG5nWjBbVy8cHRtuRgItgzptFiq8LIYqXfp1r1KDmrI6HSfRZRSKVcjcxe4w
oV5NMpkl1hKy4hen1Xec8+gbw3wjSfeE/4BKSK7fubcGm2cOOkbDMbzJiCUFXTg/
HPVjq8yOqOTnXMGBqu1KdCliY8YRDdWtGKtdodSbNMmt7GT60k7xNhhb6BNQ9VYW
2nf+CbKaAT9m7hEryxA6ZtY+02dQGRNzjHxCJMXqgH0GhLDEr7iVP3tKlkQNrhrH
zccWQUFg86sYslYwQInpZ3gw+SimeZqY7Zz+94fThOEIg5Qz8MUqCdMU0oFIUqBg
fZpAOKgYl4KI4Xk1MIoI
=gyii
-----END PGP SIGNATURE-----