Bug 1076369 - VUL-0: mysql: update to 5.5.59 in Oracle Jan2018 CPU
Summary: VUL-0: mysql: update to 5.5.59 in Oracle Jan2018 CPU
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3:SUSE:CVE-2018-2562:7.1:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-17 10:46 UTC by Marcus Meissner
Modified: 2018-02-12 11:11 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-01-17 10:46:11 UTC
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL

CVE-2018-2696  MySQL Server  Server : Security : Privileges  MySQL Protocol  
CVE-2018-2562  MySQL Server  Server : Partition  MySQL Protocol  
CVE-2018-2583  MySQL Server  Stored Procedure  MySQL Protocol  
CVE-2018-2612  MySQL Server  InnoDB  MySQL Protocol  
CVE-2018-2703  MySQL Server  Server : Security : Privileges  MySQL Protocol  
CVE-2018-2622  MySQL Server  Server: DDL  MySQL Protocol  
CVE-2018-2573  MySQL Server  Server: GIS  MySQL Protocol  
CVE-2018-2640  MySQL Server  Server: Optimizer  MySQL Protocol  
CVE-2018-2665  MySQL Server  Server: Optimizer  MySQL Protocol  
CVE-2018-2668  MySQL Server  Server: Optimizer  MySQL Protocol  
CVE-2017-3736  MySQL Connectors  Connector/ODBC (OpenSSL)  MySQL Protocol  
CVE-2017-3737  MySQL Server  Server: Packaging (OpenSSL)  MySQL Protocol  
CVE-2018-2647  MySQL Server  Server: Replication  MySQL Protocol  
CVE-2018-2591  MySQL Server  Server : Partition  MySQL Protocol  
CVE-2018-2576  MySQL Server  Server: DML  MySQL Protocol  
CVE-2018-2586  MySQL Server  Server: DML  MySQL Protocol  
CVE-2018-2646  MySQL Server  Server: DML  MySQL Protocol  
CVE-2018-2565  MySQL Server  Server: InnoDB  MySQL Protocol  
CVE-2018-2600  MySQL Server  Server: Optimizer  MySQL Protocol  
CVE-2018-2667  MySQL Server  Server: Optimizer  MySQL Protocol  
CVE-2018-2590  MySQL Server  Server: Performance Schema  MySQL Protocol  
CVE-2018-2645  MySQL Server  Server: Performance Schema  MySQL Protocol
Comment 1 Marcus Meissner 2018-01-17 10:47:27 UTC
5.5 seems only have:

CVE-2018-2562
CVE-2018-2622
CVE-2018-2640
CVE-2018-2665
CVE-2018-2668
Comment 2 Kristyna Streitova 2018-01-18 11:30:02 UTC
Submitted:

|     Codestream     |         Request         |
|--------------------|-------------------------|
| SLE-11-SP3         | #151712                 |
| openSUSE:Leap 42.2 | #567358                 |
| openSUSE:Leap 42.3 | #567358                 |
| openSUSE:Factory   | mysql is not in Factory |

I'm reassigning it back to the security-team.
Comment 4 Swamp Workflow Management 2018-01-18 12:00:06 UTC
This is an autogenerated message for OBS integration:
This bug (1076369) was mentioned in
https://build.opensuse.org/request/show/567358 42.2+42.3 / mysql-community-server
Comment 5 Swamp Workflow Management 2018-01-25 23:08:04 UTC
openSUSE-SU-2018:0223-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1076369
CVE References: CVE-2017-3737,CVE-2018-2562,CVE-2018-2573,CVE-2018-2583,CVE-2018-2590,CVE-2018-2591,CVE-2018-2612,CVE-2018-2622,CVE-2018-2640,CVE-2018-2645,CVE-2018-2647,CVE-2018-2665,CVE-2018-2668,CVE-2018-2696,CVE-2018-2703
Sources used:
openSUSE Leap 42.3 (src):    mysql-community-server-5.6.39-33.1
openSUSE Leap 42.2 (src):    mysql-community-server-5.6.39-24.15.1
Comment 6 Marcus Meissner 2018-02-12 07:46:06 UTC
released
Comment 7 Swamp Workflow Management 2018-02-12 11:11:11 UTC
SUSE-SU-2018:0422-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1076369
CVE References: CVE-2018-2562,CVE-2018-2622,CVE-2018-2640,CVE-2018-2665,CVE-2018-2668
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mysql-5.5.59-0.39.9.8
SUSE Linux Enterprise Server 11-SP4 (src):    mysql-5.5.59-0.39.9.8
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mysql-5.5.59-0.39.9.8