RedHat: RHSA-2018-0586:01 Important: rh-mysql57-mysql security update
Summary
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql57-mysql (5.7.21). (BZ#1533832)
Security Fix(es):
* mysql: sha256_password authentication DoS via long password
(CVE-2018-2696)
* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2565)
* mysql: Server: GIS unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2573)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2576)
* mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2583)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2586)
* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan
2018) (CVE-2018-2590)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2600)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2622)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2640)
* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan
2018) (CVE-2018-2645)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2646)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2647)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2665)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2667)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2668)
* mysql: sha256_password authentication DoS via hash with large rounds
value (CVE-2018-2703)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Red Hat
Product Security.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.
References
https://access.redhat.com/security/cve/CVE-2018-2565
https://access.redhat.com/security/cve/CVE-2018-2573
https://access.redhat.com/security/cve/CVE-2018-2576
https://access.redhat.com/security/cve/CVE-2018-2583
https://access.redhat.com/security/cve/CVE-2018-2586
https://access.redhat.com/security/cve/CVE-2018-2590
https://access.redhat.com/security/cve/CVE-2018-2600
https://access.redhat.com/security/cve/CVE-2018-2612
https://access.redhat.com/security/cve/CVE-2018-2622
https://access.redhat.com/security/cve/CVE-2018-2640
https://access.redhat.com/security/cve/CVE-2018-2645
https://access.redhat.com/security/cve/CVE-2018-2646
https://access.redhat.com/security/cve/CVE-2018-2647
https://access.redhat.com/security/cve/CVE-2018-2665
https://access.redhat.com/security/cve/CVE-2018-2667
https://access.redhat.com/security/cve/CVE-2018-2668
https://access.redhat.com/security/cve/CVE-2018-2696
https://access.redhat.com/security/cve/CVE-2018-2703
https://access.redhat.com/security/updates/classification/#important
https://www.oracle.com/security-alerts/cpujan2018.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
Package List
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source:
rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source:
rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source:
rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm
x86_64:
rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm
rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for rh-mysql57-mysql is now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Relevant Releases/Architectures
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Bugs Fixed
1509475 - CVE-2018-2696 mysql: sha256_password authentication DoS via long password
1534139 - CVE-2018-2703 mysql: sha256_password authentication DoS via hash with large rounds value
1535486 - CVE-2018-2565 mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2018)
1535487 - CVE-2018-2573 mysql: Server: GIS unspecified vulnerability (CPU Jan 2018)
1535488 - CVE-2018-2576 mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
1535490 - CVE-2018-2583 mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
1535491 - CVE-2018-2586 mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
1535492 - CVE-2018-2590 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
1535496 - CVE-2018-2600 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535501 - CVE-2018-2645 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
1535502 - CVE-2018-2646 mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
1535503 - CVE-2018-2647 mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535505 - CVE-2018-2667 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)