mysql55-mysql-5.5.52-1.AXS4

エラータID: AXSA:2016-715:03

Release date: 
Tuesday, November 1, 2016 - 04:42
Subject: 
mysql55-mysql-5.5.52-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Severity: 
High
Description: 

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31
and earlier, and 5.7.13 and earlier allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5617
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: Error Handling.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.52).

Solution: 

Update packages.

CVEs: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5617
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Additional Info: 

N/A

Download: 

SRPMS
  1. mysql55-mysql-5.5.52-1.AXS4.src.rpm
    MD5: b17d180f5c6df7679ebf27872361c43a
    SHA-256: a56de0d2e920875952345e1a674585f42a7e1ddd1bbaeaaac43dab17ae1e6c72
    Size: 19.37 MB

Asianux Server 4 for x86_64
  1. mysql55-mysql-5.5.52-1.AXS4.x86_64.rpm
    MD5: fecc16da9d9fc6a533c8fbf765f28da2
    SHA-256: e60aea1d7b14745e96f26ceae02a935c88c92ff62527224c34cc3a5808021bde
    Size: 5.75 MB
  2. mysql55-mysql-bench-5.5.52-1.AXS4.x86_64.rpm
    MD5: 27dfe2f8116b867e1d3f609c106ca718
    SHA-256: 90a51726f180a49b7e7a44010ba593451eca54b4bfc48f7850cda65564ac691f
    Size: 433.55 kB
  3. mysql55-mysql-devel-5.5.52-1.AXS4.x86_64.rpm
    MD5: 8e45e01a461a5e6f291ce6f7fa65e440
    SHA-256: 1533b0226bf5fc2e7f33a6ae73519a128471ad7cb9e49debd3ab11a06498e03b
    Size: 179.91 kB
  4. mysql55-mysql-libs-5.5.52-1.AXS4.x86_64.rpm
    MD5: 1ddd1d99531df765f6d1bf90e28df838
    SHA-256: 15a581cf69bd71f2787f55a6d4eccaf9b1bd8185bd1731f87f152883c2c3e19e
    Size: 218.93 kB
  5. mysql55-mysql-server-5.5.52-1.AXS4.x86_64.rpm
    MD5: 10fcd210bd6070c5c521236f360dc631
    SHA-256: a44ca59c976305f67012bc13aa3edbb1a68831b3cfdd0b37564b34cc8c37139f
    Size: 10.37 MB
  6. mysql55-mysql-test-5.5.52-1.AXS4.x86_64.rpm
    MD5: d3a49b8fa726e72f8953ffd5d2114404
    SHA-256: ee6f55e11d5c7a99a2e080dae61c2e5464cc986c5e5abb006d69bc35661288f5
    Size: 6.97 MB