RedHat: RHSA-2018-1254:01 Moderate: rh-mysql56-mysql security update
Summary
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql56-mysql (5.6.40). (BZ#1571242)
Security Fix(es):
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2755)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2018) (CVE-2018-2758)
* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2761)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2766)
* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2771)
* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2773)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2781)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2782)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2784)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2787)
* mysql: GIS Extension unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2805)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2813)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2817)
* mysql: Server : Security : Privileges unspecified vulnerability (CPU Apr
2018) (CVE-2018-2818)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.
References
https://access.redhat.com/security/cve/CVE-2018-2755 https://access.redhat.com/security/cve/CVE-2018-2758 https://access.redhat.com/security/cve/CVE-2018-2761 https://access.redhat.com/security/cve/CVE-2018-2766 https://access.redhat.com/security/cve/CVE-2018-2771 https://access.redhat.com/security/cve/CVE-2018-2773 https://access.redhat.com/security/cve/CVE-2018-2781 https://access.redhat.com/security/cve/CVE-2018-2782 https://access.redhat.com/security/cve/CVE-2018-2784 https://access.redhat.com/security/cve/CVE-2018-2787 https://access.redhat.com/security/cve/CVE-2018-2805 https://access.redhat.com/security/cve/CVE-2018-2813 https://access.redhat.com/security/cve/CVE-2018-2817 https://access.redhat.com/security/cve/CVE-2018-2818 https://access.redhat.com/security/cve/CVE-2018-2819 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-mysql56-mysql-5.6.40-1.el6.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-mysql56-mysql-5.6.40-1.el6.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-mysql56-mysql-5.6.40-1.el6.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el6.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-mysql56-mysql-5.6.40-1.el7.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-mysql56-mysql-5.6.40-1.el7.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-mysql56-mysql-5.6.40-1.el7.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source:
rh-mysql56-mysql-5.6.40-1.el7.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-mysql56-mysql-5.6.40-1.el7.src.rpm
x86_64:
rh-mysql56-mysql-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-bench-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-common-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-config-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-debuginfo-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-devel-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-errmsg-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-server-5.6.40-1.el7.x86_64.rpm
rh-mysql56-mysql-test-5.6.40-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for rh-mysql56-mysql is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Bugs Fixed
1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
1568922 - CVE-2018-2758 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568926 - CVE-2018-2766 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
1568932 - CVE-2018-2773 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568943 - CVE-2018-2782 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568944 - CVE-2018-2784 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568946 - CVE-2018-2787 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568948 - CVE-2018-2805 mysql: GIS Extension unspecified vulnerability (CPU Apr 2018)
1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568955 - CVE-2018-2818 mysql: Server : Security : Privileges unspecified vulnerability (CPU Apr 2018)
1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)