
Security issues on Ysul
Closed, Resolved (Public)

Description

The following packages contain vulnerabilities and should be upgraded:

  • apache24-2.4.12
  • libwmf-0.2.8.4_13
  • mysql56-server-5.6.24
  • openssl-1.0.2_3
  • php56-mysql-5.6.10
  • php56-mysqli-5.6.10
  • php56-sqlite3-5.6.10
  • py27-django-1.7.7
  • v8-3.18.5

2015-07-29 update. Per 106, we have also:

  • pcre-8.37_1
  • gdk-pixbuf2-2.31.2_1

Strangely, the mysql56-server-5.6.25 vulnerability isn't listed anymore.

Related Objects

Mentioned In
P101 pkg audit on Ysul
Mentioned Here
P106 pkg audit

Event Timeline

dereckson triaged this task as High priority. Jul 19 2015, 19:04
dereckson added projects: Servers, security.

System log
Jul 19 19:09:20 ysul pkg: libxml2 reinstalled: 2.9.2_3 -> 2.9.2_3
Jul 19 19:09:56 ysul pkg: mysql56-client upgraded: 5.6.24_1 -> 5.6.25_1
Jul 19 19:09:56 ysul pkg: py27-sqlite3 upgraded: 2.7.9_6 -> 2.7.10_6
Jul 19 19:10:17 ysul pkg: apache24 upgraded: 2.4.12 -> 2.4.16
Jul 19 19:10:19 ysul pkg: libwmf upgraded: 0.2.8.4_13 -> 0.2.8.4_14
Jul 19 19:10:49 ysul pkg: mysql56-server upgraded: 5.6.24 -> 5.6.25
Jul 19 19:11:13 ysul pkg: openssl upgraded: 1.0.2_3 -> 1.0.2_4
Jul 19 19:11:14 ysul pkg: php56-mysql upgraded: 5.6.10 -> 5.6.11
Jul 19 19:11:14 ysul pkg: php56-mysqli upgraded: 5.6.10 -> 5.6.11
Jul 19 19:11:14 ysul pkg: php56-sqlite3 upgraded: 5.6.10 -> 5.6.11
Jul 19 19:12:05 ysul pkg: py27-django upgraded: 1.7.7 -> 1.8.3

Commands log

$ pkg upgrade apache24 libwmf mysql56-server openssl php56-mysql php56-mysqli php56-sqlite3 py27-django v8
[...]
Installed packages to be UPGRADED:
        apache24: 2.4.12 -> 2.4.16
        libwmf: 0.2.8.4_13 -> 0.2.8.4_14
        mysql56-server: 5.6.24 -> 5.6.25
        openssl: 1.0.2_3 -> 1.0.2_4
        php56-mysql: 5.6.10 -> 5.6.11
        php56-mysqli: 5.6.10 -> 5.6.11
        php56-sqlite3: 5.6.10 -> 5.6.11
        py27-django: 1.7.7 -> 1.8.3
        mysql56-client: 5.6.24_1 -> 5.6.25_1
        py27-sqlite3: 2.7.9_6 -> 2.7.10_6

Installed packages to be REINSTALLED:
        libxml2-2.9.2_3 (options changed)
[...]

Still to upgrade

The following ports haven't been available as an up-to-date package yet:

  • databases/mysql56-server (we upgraded to a more recent version, but still a vulnerable one)
  • lang/v8

Still no package available for MySQL server or v8.

Jul 29 14:36:26 ysul pkg: pcre upgraded: 8.37_1 -> 8.37_2
Jul 29 14:36:29 ysul pkg: gdk-pixbuf2 upgraded: 2.31.2_1 -> 2.31.2_2

Aug 7 11:11:45 ysul pkg: v8 upgraded: 3.18.5 -> 3.18.5_1
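
Added example, not part of the original task or of the project's tooling: a Python script that reconciles the flagged list from the description against the `pkg` syslog lines quoted on this page and reports which flagged packages have no logged upgrade yet. The function names are hypothetical. A logged version change is not proof of a fix (mysql56-server above was upgraded to a version that was still vulnerable), so `pkg audit` has to be rerun afterwards.

```python
import re

# Packages flagged in the task description (name-version form).
FLAGGED = [
    "apache24-2.4.12", "libwmf-0.2.8.4_13", "mysql56-server-5.6.24",
    "openssl-1.0.2_3", "php56-mysql-5.6.10", "php56-mysqli-5.6.10",
    "php56-sqlite3-5.6.10", "py27-django-1.7.7", "v8-3.18.5",
]
# Syslog lines copied from this page (subset of the Jul 19 run).
LOG_JUL19 = """\
Jul 19 19:09:20 ysul pkg: libxml2 reinstalled: 2.9.2_3 -> 2.9.2_3
Jul 19 19:10:17 ysul pkg: apache24 upgraded: 2.4.12 -> 2.4.16
Jul 19 19:10:19 ysul pkg: libwmf upgraded: 0.2.8.4_13 -> 0.2.8.4_14
Jul 19 19:10:49 ysul pkg: mysql56-server upgraded: 5.6.24 -> 5.6.25
Jul 19 19:11:13 ysul pkg: openssl upgraded: 1.0.2_3 -> 1.0.2_4
Jul 19 19:11:14 ysul pkg: php56-mysql upgraded: 5.6.10 -> 5.6.11
Jul 19 19:11:14 ysul pkg: php56-mysqli upgraded: 5.6.10 -> 5.6.11
Jul 19 19:11:14 ysul pkg: php56-sqlite3 upgraded: 5.6.10 -> 5.6.11
Jul 19 19:12:05 ysul pkg: py27-django upgraded: 1.7.7 -> 1.8.3
"""
LOG_AUG7 = "Aug 7 11:11:45 ysul pkg: v8 upgraded: 3.18.5 -> 3.18.5_1\n"

UPGRADED = re.compile(r"pkg: (\S+) upgraded: (\S+) -> (\S+)$")

def upgrades(log):
    """Map package name -> list of (old, new) from 'upgraded' log lines."""
    seen = {}
    for line in log.splitlines():
        m = UPGRADED.search(line.strip())
        if m:  # 'reinstalled' lines and unrelated messages are skipped
            seen.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return seen

def reconcile(flagged, log):
    """Return {name: version reached, or None if no upgrade was logged}."""
    seen = upgrades(log)
    result = {}
    for entry in flagged:
        name, version = entry.rsplit("-", 1)  # a pkg version never contains '-'
        current = version
        for old, new in seen.get(name, []):
            if old == current:  # follow the chain starting at the flagged version
                current = new
        result[name] = current if current != version else None
    return result

def pending(flagged, log):
    """Flagged packages still installed at the flagged version."""
    return [n for n, v in reconcile(flagged, log).items() if v is None]
```
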