Debian Security Advisory

DLA-359-1 mysql-5.1 -- MySQL 5.5 packages added; end of support for MySQL 5.1

Date Reported: 16 Dec 2015
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-4752, CVE-2015-4737, CVE-2015-2648, CVE-2015-2643, CVE-2015-2620, CVE-2015-2582, CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913.
More information:

Oracle, the upstream maintainer of MySQL, no longer supports MySQL version 5.1, which is included in Debian 6.0 squeeze. MySQL 5.1 likely suffers from multiple vulnerabilities fixed in newer versions after the end of upstream support, but Oracle does not disclose enough information either to verify or to fix them.

As an alternative, the Debian LTS team is providing MySQL 5.5 packages for use in Debian 6.0 squeeze. We recommend that Squeeze LTS users install them and migrate their MySQL databases.

Please note that a dist-upgrade will not consider these MySQL 5.5 packages automatically, so users need to install them explicitly.

If you are running a MySQL server:

apt-get install mysql-server-5.5

If you only need the MySQL client:

apt-get install mysql-client-5.5

Compatibility updates

Some packages were updated to resolve incompatibility issues. The fixes are in the following versions:

  • bacula-director-mysql 5.0.2-2.2+squeeze2
  • cacti 0.8.7g-1+squeeze9
  • phpmyadmin 4:3.3.7-10
  • postfix-policyd 1.82-2+deb6u1
  • prelude-manager 1.0.0-1+deb6u1

We recommend that you upgrade these packages before upgrading to MySQL 5.5. A regular dist-upgrade should be enough.

We have done our best to provide you with reliable MySQL 5.5 packages. Test packages have been available for some time, although we did not get any feedback from users. In any case, don't hesitate to report any issues related to this MySQL upgrade to debian-lts@lists.debian.org.