Re: Security ERRATA Moderate: mysql on SL6.x i386/x86_64

[Bonnie King]

Slpackages working?

Pat Riehecky <riehe...@fnal.gov> wrote:

>Synopsis:          Moderate: mysql security and bug fix update
>Advisory ID:       SLSA-2014:0164-1
>Issue Date:        2014-02-12
>CVE Numbers:       CVE-2013-5908
>                   CVE-2014-0386
>                   CVE-2014-0393
>                   CVE-2014-0401
>                   CVE-2014-0402
>                   CVE-2014-0412
>                   CVE-2014-0437
>                   CVE-2014-0001
>--
>
>(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
>CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)
>
>A buffer overflow flaw was found in the way the MySQL command line client
>tool (mysql) processed excessively long version strings. If a user
>connected to a malicious MySQL server via the mysql client, the server
>could use this flaw to crash the mysql client or, potentially, execute
>arbitrary code as the user running the mysql client. (CVE-2014-0001)
>
>This update also fixes the following bug:
>
>* Prior to this update, MySQL did not check whether a MySQL socket was
>actually being used by any process before starting the mysqld service. If
>a particular mysqld service did not exit cleanly while a socket was being
>used by a process, this socket was considered to be still in use during
>the next start-up of this service, which resulted in a failure to start
>the service up. With this update, if a socket exists but is not used by
>any process, it is ignored during the mysqld service start-up.
>
>After installing this update, the MySQL server daemon (mysqld) will be
>restarted automatically.
>--
>
>SL6
>  x86_64
>    mysql-5.1.73-3.el6_5.x86_64.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.i686.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.x86_64.rpm
>    mysql-libs-5.1.73-3.el6_5.i686.rpm
>    mysql-libs-5.1.73-3.el6_5.x86_64.rpm
>    mysql-server-5.1.73-3.el6_5.x86_64.rpm
>    mysql-bench-5.1.73-3.el6_5.x86_64.rpm
>    mysql-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-devel-5.1.73-3.el6_5.x86_64.rpm
>    mysql-embedded-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-5.1.73-3.el6_5.x86_64.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.x86_64.rpm
>    mysql-test-5.1.73-3.el6_5.x86_64.rpm
>  i386
>    mysql-5.1.73-3.el6_5.i686.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.i686.rpm
>    mysql-libs-5.1.73-3.el6_5.i686.rpm
>    mysql-server-5.1.73-3.el6_5.i686.rpm
>    mysql-bench-5.1.73-3.el6_5.i686.rpm
>    mysql-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-test-5.1.73-3.el6_5.i686.rpm
>
>- Scientific Linux Development Team