RedHat: RHSA-2018-0587:01 Important: rh-mysql56-mysql security update
Summary
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql56-mysql (5.6.39). (BZ#1533831)
Security Fix(es):
* mysql: sha256_password authentication DoS via long password
(CVE-2018-2696)
* mysql: Server : Partition unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2562)
* mysql: Server: GIS unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2573)
* mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2583)
* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan
2018) (CVE-2018-2590)
* mysql: Server : Partition unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2591)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2622)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2640)
* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan
2018) (CVE-2018-2645)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2647)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2665)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2668)
* mysql: sha256_password authentication DoS via hash with large rounds
value (CVE-2018-2703)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Red Hat
Product Security.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.
References
https://access.redhat.com/security/cve/CVE-2018-2562
https://access.redhat.com/security/cve/CVE-2018-2573
https://access.redhat.com/security/cve/CVE-2018-2583
https://access.redhat.com/security/cve/CVE-2018-2590
https://access.redhat.com/security/cve/CVE-2018-2591
https://access.redhat.com/security/cve/CVE-2018-2612
https://access.redhat.com/security/cve/CVE-2018-2622
https://access.redhat.com/security/cve/CVE-2018-2640
https://access.redhat.com/security/cve/CVE-2018-2645
https://access.redhat.com/security/cve/CVE-2018-2647
https://access.redhat.com/security/cve/CVE-2018-2665
https://access.redhat.com/security/cve/CVE-2018-2668
https://access.redhat.com/security/cve/CVE-2018-2696
https://access.redhat.com/security/cve/CVE-2018-2703
https://access.redhat.com/security/updates/classification/#important
https://www.oracle.com/security-alerts/cpujan2018.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html
Package List
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm
x86_64:
rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm
rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for rh-mysql56-mysql is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Bugs Fixed
1509475 - CVE-2018-2696 mysql: sha256_password authentication DoS via long password
1534139 - CVE-2018-2703 mysql: sha256_password authentication DoS via hash with large rounds value
1535484 - CVE-2018-2562 mysql: Server : Partition unspecified vulnerability (CPU Jan 2018)
1535487 - CVE-2018-2573 mysql: Server: GIS unspecified vulnerability (CPU Jan 2018)
1535490 - CVE-2018-2583 mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
1535492 - CVE-2018-2590 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
1535493 - CVE-2018-2591 mysql: Server : Partition unspecified vulnerability (CPU Jan 2018)
1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535501 - CVE-2018-2645 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
1535503 - CVE-2018-2647 mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)