mysql55-mysql-5.5.52-1.el7

エラータID: AXSA:2016-716:03

Release date: 
Tuesday, November 1, 2016 - 04:47
Subject: 
mysql55-mysql-5.5.52-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31
and earlier, and 5.7.13 and earlier allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5617
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: Error Handling.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: mysql55-mysql (5.5.52).

Solution: 

Update packages.

CVEs: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5617
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE users should reference CVE-2016-6664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Additional Info: 

N/A

Download: 

SRPMS
  1. mysql55-mysql-5.5.52-1.el7.src.rpm
    MD5: ec92c788e31e358abf5c191675533075
    SHA-256: 74ec852aa529707758f4f350c82b99e7e0b1e8e92fbd041ba38f5155afd156ff
    Size: 19.38 MB

Asianux Server 7 for x86_64
  1. mysql55-mysql-5.5.52-1.el7.x86_64.rpm
    MD5: 9e6bf0aa02b05e19dced151c11f7f9ca
    SHA-256: 8367bcb5681b5c434cd40303083061eb1141f22dad75069d0329853f0778fdc5
    Size: 4.54 MB
  2. mysql55-mysql-bench-5.5.52-1.el7.x86_64.rpm
    MD5: c601caadba07219171e898f7765b8313
    SHA-256: 5666dd677e039f6a04fe751e01cafa3d680d85d65402254d86c0ebe2a38100e1
    Size: 422.26 kB
  3. mysql55-mysql-devel-5.5.52-1.el7.x86_64.rpm
    MD5: 518dd1a46095ec0ae38ed9619cd30b09
    SHA-256: 8b1d6688bfacae81bb8c04827275b995c214be72dee18f3eb88586b025be3dfa
    Size: 179.54 kB
  4. mysql55-mysql-libs-5.5.52-1.el7.x86_64.rpm
    MD5: 31351d76a10e1511f007baed3ded0a80
    SHA-256: 1c1bc2b1dd5149b211fb756669752c7c963ed7189a7cd4c054b9016db3b4e472
    Size: 218.18 kB
  5. mysql55-mysql-server-5.5.52-1.el7.x86_64.rpm
    MD5: d1fda465a78f10128308bc4e1b2550a9
    SHA-256: af550ef884fe23bae22b64a88e7a1b119a740b79227ae0954158af6c5af4160e
    Size: 8.83 MB
  6. mysql55-mysql-test-5.5.52-1.el7.x86_64.rpm
    MD5: 0abff1ec95b256b118ef786b6c67bcb6
    SHA-256: 25eca214409bfb7490e913a925725cc1734b2ef9c94b54bb2a43383acb17f79c
    Size: 6.30 MB