[USN-3078-1] MySQL vulnerability

Severity Medium

Affected Packages 27

CVEs 1

MySQL could be made to run programs as an administrator.

Dawid Golunski discovered that MySQL incorrectly handled configuration
files. A remote attacker could possibly use this issue to execute arbitrary
code with root privileges.

MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Package	Affected Version
pkg:deb/ubuntu/mysql-testsuite?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-testsuite?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-testsuite-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-testsuite-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-source-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-source-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-server?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-server?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-server-core-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-server-core-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-server-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-server-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-common?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-common?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-client?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-client?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-client-core-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-client-core-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/mysql-client-5.7?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/mysql-client-5.5?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/libmysqld-pic?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/libmysqld-dev?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/libmysqld-dev?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/libmysqlclient20?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/libmysqlclient18?distro=trusty	< 5.5.52-0ubuntu0.14.04.1
pkg:deb/ubuntu/libmysqlclient-dev?distro=xenial	< 5.7.15-0ubuntu0.16.04.1
pkg:deb/ubuntu/libmysqlclient-dev?distro=trusty	< 5.5.52-0ubuntu0.14.04.1

ID

USN-3078-1

Severity

medium

URL

https://ubuntu.com/security/notices/USN-3078-1

Published

2016-09-13T16:56:00
(8 years ago)

Modified

2016-09-13T16:56:00
(8 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/mysql-testsuite?distro=xenial	ubuntu	mysql-testsuite	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-testsuite?distro=trusty	ubuntu	mysql-testsuite	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-testsuite-5.7?distro=xenial	ubuntu	mysql-testsuite-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-testsuite-5.5?distro=trusty	ubuntu	mysql-testsuite-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-source-5.7?distro=xenial	ubuntu	mysql-source-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-source-5.5?distro=trusty	ubuntu	mysql-source-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-server?distro=xenial	ubuntu	mysql-server	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-server?distro=trusty	ubuntu	mysql-server	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-server-core-5.7?distro=xenial	ubuntu	mysql-server-core-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-server-core-5.5?distro=trusty	ubuntu	mysql-server-core-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-server-5.7?distro=xenial	ubuntu	mysql-server-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-server-5.5?distro=trusty	ubuntu	mysql-server-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-common?distro=xenial	ubuntu	mysql-common	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-common?distro=trusty	ubuntu	mysql-common	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-client?distro=xenial	ubuntu	mysql-client	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-client?distro=trusty	ubuntu	mysql-client	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-client-core-5.7?distro=xenial	ubuntu	mysql-client-core-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-client-core-5.5?distro=trusty	ubuntu	mysql-client-core-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/mysql-client-5.7?distro=xenial	ubuntu	mysql-client-5.7	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/mysql-client-5.5?distro=trusty	ubuntu	mysql-client-5.5	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/libmysqld-pic?distro=trusty	ubuntu	libmysqld-pic	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/libmysqld-dev?distro=xenial	ubuntu	libmysqld-dev	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/libmysqld-dev?distro=trusty	ubuntu	libmysqld-dev	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/libmysqlclient20?distro=xenial	ubuntu	libmysqlclient20	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/libmysqlclient18?distro=trusty	ubuntu	libmysqlclient18	< 5.5.52-0ubuntu0.14.04.1	trusty
Affected	pkg:deb/ubuntu/libmysqlclient-dev?distro=xenial	ubuntu	libmysqlclient-dev	< 5.7.15-0ubuntu0.16.04.1	xenial
Affected	pkg:deb/ubuntu/libmysqlclient-dev?distro=trusty	ubuntu	libmysqlclient-dev	< 5.5.52-0ubuntu0.14.04.1	trusty

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date