Multiple MySQL 5.5 and 5.6 vulnerabilities

Bug #1578370 reported by Adam Heczko
This bug affects 2 people
Affects             Status        Importance  Assigned to      Milestone
Mirantis OpenStack  Fix Released  High        MOS Linux
5.1.x               Won't Fix     High        MOS Maintenance
6.0.x               Won't Fix     High        MOS Maintenance
6.1.x               Won't Fix     High        MOS Maintenance
7.0.x               Fix Released  High        MOS Linux
8.0.x               Fix Released  High        MOS Linux
9.x                 Fix Released  High        MOS Linux

Bug Description

==========================================================================
Ubuntu Security Notice USN-2953-1
April 21, 2016

mysql-5.5, mysql-5.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.6: MySQL database
- mysql-5.5: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Ubuntu 15.10 has been updated to MySQL 5.6.30.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  mysql-server-5.6 5.6.30-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  mysql-server-5.5 5.5.49-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  mysql-server-5.5 5.5.49-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2953-1
  CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642,
  CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647,
  CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655,
  CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668,
  CVE-2016-2047

Package Information:
  https://launchpad.net/ubuntu/+source/mysql-5.6/5.6.30-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.49-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.49-0ubuntu0.12.04.1
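
As an added example (not part of the advisory or of the MOS packaging code), the following Python script audits `dpkg -l` output against the fixed upstream versions the notice names, 5.5.49 and 5.6.30. The sample listing is constructed, and the check compares only the upstream version, so it assumes no security fixes were backported into an older upstream version.

```python
import re

# Minimum fixed upstream versions per MySQL series, from the notice above.
FIXED = {(5, 5): (5, 5, 49), (5, 6): (5, 6, 30)}

# Constructed `dpkg -l` listing for illustration (not captured from a real host).
SAMPLE = """\
ii  mysql-client-5.6        5.6.30-0~u14.04+mos1     amd64  MySQL database client binaries
ii  mysql-server-wsrep-5.6  5.6.23-1~u14.04+mos2     amd64  MySQL database server binaries
ii  mysql-server-5.5        5.5.49-0ubuntu0.14.04.1  amd64  MySQL database server
rc  mysql-common            5.5.47-0ubuntu0.14.04.1  all    MySQL database common files
ii  python-mysqldb          1.2.3-2ubuntu1           amd64  Python interface to MySQL
"""


def upstream(version):
    """Return the upstream x.y.z of a Debian version string as an int tuple, or None."""
    version = version.split(":", 1)[-1]   # drop an epoch such as "1:"
    version = version.rsplit("-", 1)[0]   # drop the Debian revision
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(g) for g in match.groups()) if match else None


def audit(dpkg_output):
    """List (package, version, status) for installed MySQL 5.5/5.6 packages."""
    findings = []
    for line in dpkg_output.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 3 or fields[0] != "ii":
            continue                       # skip headers and removed ("rc") packages
        name, version = fields[1].split(":")[0], fields[2]
        up = upstream(version)
        if "mysql" not in name or up is None or up[:2] not in FIXED:
            continue                       # not a package from an affected series
        status = "fixed" if up >= FIXED[up[:2]] else "below-fixed"
        findings.append((name, version, status))
    return findings


if __name__ == "__main__":
    for name, version, status in audit(SAMPLE):
        print(f"{status:12} {name} {version}")
```

Parsing the version field avoids the false matches a plain `grep 5.6.30` can produce, since an unescaped `.` in a grep pattern matches any character.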

Changed in mos:
assignee: nobody → MOS Maintenance (mos-maintenance)
Changed in mos:
status: New → Confirmed
Denis Meltsaykin (dmeltsaykin) wrote :

Reassigning the bug to the MOS-Linux team per a conversation with Oleksandr Mogylchenko.

Changed in mos:
assignee: MOS Maintenance (mos-maintenance) → MOS Linux (mos-linux)
Anton Matveev (amatveev) wrote :

sla1 for MOS 7.0

tags: added: customer-found sla1
Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to packages/trusty/mysql-wsrep-5.6 (master)

Related fix proposed to branch: master
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/21933

Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on packages/trusty/mysql-wsrep-5.6 (master)

Change abandoned by Ivan Suzdal <email address hidden> on branch: master
Review: https://review.fuel-infra.org/21933

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to packages/trusty/mysql-wsrep-5.6 (master)

Related fix proposed to branch: master
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/21937

tags: added: feature-security
Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to packages/trusty/mysql-wsrep-5.6 (9.0)

Related fix proposed to branch: 9.0
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/22980

Fuel Devops McRobotson (fuel-devops-robot) wrote :

Related fix proposed to branch: 9.0
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/22988

Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on packages/trusty/mysql-wsrep-5.6 (master)

Change abandoned by Ivan Suzdal <email address hidden> on branch: master
Review: https://review.fuel-infra.org/21937

Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on packages/trusty/mysql-wsrep-5.6 (9.0)

Change abandoned by Ivan Suzdal <email address hidden> on branch: 9.0
Review: https://review.fuel-infra.org/22980

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to packages/trusty/mysql-wsrep-5.6 (7.0)

Related fix proposed to branch: 7.0
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/23145

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to packages/trusty/mysql-wsrep-5.6 (8.0)

Related fix proposed to branch: 8.0
Change author: Ivan Suzdal <email address hidden>
Review: https://review.fuel-infra.org/23178

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix merged to packages/trusty/mysql-wsrep-5.6 (7.0)

Reviewed: https://review.fuel-infra.org/23145
Submitter: Pkgs Jenkins <email address hidden>
Branch: 7.0

Commit: afa0945f8acb12835a81383ef3f32369328796a8
Author: Ivan Suzdal <email address hidden>
Date: Mon Jul 11 13:40:54 2016

Security update:

  * Update to 5.6.30 to fix security issues (LP: #1572559)
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
    - http://www.ubuntu.com/usn/usn-2953-1
    - CVE-2016-0639
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047

Sourced from https://github.com/codership/mysql-wsrep/tree/wsrep_5.6.30-25.15

(cherry picked from 6e960091521d83e66c9fcc4acb0d2045110511b4)

Change-Id: I1923a2a227c3fee1e07924e84faa358be6ea608f
Related-Bug: #1578370

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix merged to packages/trusty/mysql-wsrep-5.6 (9.0)

Reviewed: https://review.fuel-infra.org/22988
Submitter: Pkgs Jenkins <email address hidden>
Branch: 9.0

Commit: 6e960091521d83e66c9fcc4acb0d2045110511b4
Author: Ivan Suzdal <email address hidden>
Date: Fri Jul 8 17:39:21 2016

Security update:

  * Update to 5.6.30 to fix security issues (LP: #1572559)
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
    - http://www.ubuntu.com/usn/usn-2953-1
    - CVE-2016-0639
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047

Sourced from https://github.com/codership/mysql-wsrep/tree/wsrep_5.6.30-25.15

Change-Id: I1923a2a227c3fee1e07924e84faa358be6ea608f
Related-Bug: #1578370

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix merged to packages/trusty/mysql-wsrep-5.6 (8.0)

Reviewed: https://review.fuel-infra.org/23178
Submitter: Pkgs Jenkins <email address hidden>
Branch: 8.0

Commit: 58e53bfff47aa851048400423c4c23c07bceff18
Author: Ivan Suzdal <email address hidden>
Date: Tue Jul 12 12:39:32 2016

Security update:

  * Update to 5.6.30 to fix security issues (LP: #1572559)
    - http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
    - http://www.ubuntu.com/usn/usn-2953-1
    - CVE-2016-0639
    - CVE-2016-0640
    - CVE-2016-0641
    - CVE-2016-0642
    - CVE-2016-0643
    - CVE-2016-0644
    - CVE-2016-0646
    - CVE-2016-0647
    - CVE-2016-0648
    - CVE-2016-0649
    - CVE-2016-0650
    - CVE-2016-0655
    - CVE-2016-0661
    - CVE-2016-0665
    - CVE-2016-0666
    - CVE-2016-0668
    - CVE-2016-2047

Sourced from https://github.com/codership/mysql-wsrep/tree/wsrep_5.6.30-25.15

Change-Id: I1923a2a227c3fee1e07924e84faa358be6ea608f
Related-Bug: #1578370

Dmitry Teselkin (teselkin-d) wrote :
TatyanaGladysheva (tgladysheva) wrote :

Verified on MOS 7.0 + MU5 updates.

MySQL packages were installed successfully during deployment of 7.0 with MU5 updates:
root@node-8:~# dpkg -l | grep mysql | grep 5.6.30
ii mysql-client-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database client binaries
ii mysql-client-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database core client binaries
ii mysql-server-wsrep-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries and system database setup
ii mysql-server-wsrep-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries
ii mysql-wsrep-common-5.6 5.6.30-0~u14.04+mos1 all MySQL 5.6 specific common files, e.g. /etc/mysql/conf.d/my-5.6.cnf

TatyanaGladysheva (tgladysheva) wrote :

Verified on MOS 8.0 + MU3 updates.

MySQL packages were installed successfully during deployment of 8.0 with MU3 updates:
root@node-1:~# dpkg -l | grep mysql | grep 5.6.30
ii mysql-client-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database client binaries
ii mysql-client-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database core client binaries
ii mysql-server-wsrep-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries and system database setup
ii mysql-server-wsrep-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries
ii mysql-wsrep-common-5.6 5.6.30-0~u14.04+mos1 all MySQL 5.6 specific common files, e.g. /etc/mysql/conf.d/my-5.6.cnf

tags: added: on-verification
tags: removed: on-verification
Maksym Shalamov (mshalamov) wrote :

Verified on MOS 9.1 (snapshot #207)

MySQL packages were installed successfully during deployment of 9.1:

root@node-1:~# dpkg -l | grep mysql | grep 5.6.30
ii mysql-client-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database client binaries
ii mysql-client-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database core client binaries
ii mysql-server-wsrep-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries and system database setup
ii mysql-server-wsrep-core-5.6 5.6.30-0~u14.04+mos1 amd64 MySQL database server binaries
ii mysql-wsrep-common-5.6 5.6.30-0~u14.04+mos1 all MySQL 5.6 specific common files, e.g. /etc/mysql/conf.d/my-5.6.cnf

tags: added: on-verification
Maksim Malchuk (mmalchuk) wrote :

https://review.fuel-infra.org/#/c/26325/
reverted because of LP#1620268 and LP#1621448

Roman Vyalov (r0mikiam) wrote :

The bug was moved to New for 9.1 because of LP#1620268 and LP#1621448. Also, the new version of MySQL was removed in the proposed repos.

Ivan Suzdal (isuzdal) wrote :

Forgot to add 'Related-Bug' in https://review.fuel-infra.org/#/c/26542/ , sorry.
Version from this request contains all of these security patches.

TatyanaGladysheva (tgladysheva) wrote :

Verified on MOS 9.2 snapshot #511.

MySQL packages were installed successfully during deployment of 9.2:

root@node-1:~# dpkg -l | grep mysql | grep 5.6.33
ii mysql-client-5.6 5.6.33-0~u14.04+mos3 amd64 MySQL database client binaries
ii mysql-client-core-5.6 5.6.33-0~u14.04+mos3 amd64 MySQL database core client binaries
ii mysql-server-wsrep-5.6 5.6.33-0~u14.04+mos3 amd64 MySQL database server binaries and system database setup
ii mysql-server-wsrep-core-5.6 5.6.33-0~u14.04+mos3 amd64 MySQL database server binaries
ii mysql-wsrep-common-5.6 5.6.33-0~u14.04+mos3 all MySQL 5.6 specific common files, e.g. /etc/mysql/conf.d/my-5.6.cnf

tags: removed: on-verification
Alexey Stupnikov (astupnikov) wrote :

We no longer support MOS 5.1 and MOS 6.0. Moving bug to 'Won't Fix' for those milestones.

This report contains Public Security information  
Everyone can see this security related information.
