===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.2163
                         mysql-5.5 security update
                             15 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mysql-5.5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6662

Reference:         ESB-2016.2161

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3666

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3666-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 14, 2016                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2016-6662

Dawid Golunski discovered that the mysqld_safe wrapper provided by the
MySQL database server insufficiently restricted the load path for custom
malloc implementations, which could result in privilege escalation.

The vulnerability was addressed by upgrading MySQL to the new upstream
version 5.5.52, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes for further details:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html

For the stable distribution (jessie), this problem has been fixed in
version 5.5.52-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
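
Added example (not part of the AusCERT or Debian text): alongside the upgrade, an administrator can audit MySQL option files for malloc-lib settings, the option that tells mysqld_safe which custom malloc library to load, and flag any that point outside trusted library directories. The function names, the TRUSTED_DIRS list and the sample option file are assumptions made for this sketch.

```python
import posixpath
# Sections mysqld_safe reads from option files (per the MySQL manual).
SAFE_SECTIONS = {"mysqld", "server", "mysqld_safe", "safe_mysqld"}
# Assumption: directories treated as trusted library locations; adjust per host.
TRUSTED_DIRS = ("/usr/lib", "/usr/lib64",
                "/usr/lib/i386-linux-gnu", "/usr/lib/x86_64-linux-gnu")

def find_malloc_lib(text):
    """Return (line_no, section, value) for each malloc-lib setting."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        # MySQL accepts '-' and '_' interchangeably in option names.
        name = key.strip().lower().replace("_", "-")
        if name == "malloc-lib" and section in SAFE_SECTIONS:
            hits.append((no, section, value.strip().strip("'\"")))
    return hits

def is_trusted(path):
    """True only for an absolute path whose normalized directory is trusted."""
    if not path.startswith("/"):
        return False  # bare names such as 'tcmalloc' need manual review
    # normpath collapses '..' but does not resolve symlinks.
    return posixpath.dirname(posixpath.normpath(path)) in TRUSTED_DIRS

def audit(text):
    """Return the malloc-lib settings that point outside TRUSTED_DIRS."""
    return [h for h in find_malloc_lib(text) if not is_trusted(h[2])]

# Constructed sample option file, not taken from a real host.
SAMPLE = """\
[client]
malloc-lib = /ignored/not/a/server/section.so
[mysqld]
malloc_lib = /var/lib/mysql/custom_malloc.so
[mysqld_safe]
# malloc-lib = /tmp/commented_out.so
malloc-lib = /usr/lib/x86_64-linux-gnu/../../../tmp/alloc.so
[server]
malloc-lib = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.1'
"""
if __name__ == "__main__":
    for no, section, value in audit(SAMPLE):
        print(f"line {no}: [{section}] malloc-lib={value} is outside trusted dirs")
```

Run audit() over the text of every option file the server reads; a finding is a prompt to check who owns and can write that file, not proof of compromise.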