- Issued:
- 2018-03-26
- Updated:
- 2018-03-26
RHSA-2018:0587 - Important: rh-mysql56-mysql security update
Synopsis
Important: rh-mysql56-mysql security update
Type/Severity
Security Advisory Important
Topic
An update for rh-mysql56-mysql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.39). (BZ#1533831)
Security Fix(es):
-
mysql: sha256_password authentication DoS via long password (CVE-2018-2696)
-
mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
-
mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) (CVE-2018-2573)
-
mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018) (CVE-2018-2583)
-
mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2590)
-
mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2591)
-
mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
-
mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
-
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)
-
mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2645)
-
mysql: Server: Replication unspecified vulnerability (CPU Jan 2018) (CVE-2018-2647)
-
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)
-
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)
-
mysql: sha256_password authentication DoS via hash with large rounds value (CVE-2018-2703)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Red Hat Product Security.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Workstation) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
| Red Hat Software Collections (for RHEL Server) | 1 | x86_64 |
Updated Packages
- rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm
- rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm
- rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm
- rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm
- rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm
Fixes
- This content is not included.BZ - 1509475
- This content is not included.BZ - 1534139
- This content is not included.BZ - 1535484
- This content is not included.BZ - 1535487
- This content is not included.BZ - 1535490
- This content is not included.BZ - 1535492
- This content is not included.BZ - 1535493
- This content is not included.BZ - 1535497
- This content is not included.BZ - 1535499
- This content is not included.BZ - 1535500
- This content is not included.BZ - 1535501
- This content is not included.BZ - 1535503
- This content is not included.BZ - 1535504
- This content is not included.BZ - 1535506
CVEs
- CVE-2018-2562
- CVE-2018-2573
- CVE-2018-2583
- CVE-2018-2590
- CVE-2018-2591
- CVE-2018-2612
- CVE-2018-2622
- CVE-2018-2640
- CVE-2018-2645
- CVE-2018-2647
- CVE-2018-2665
- CVE-2018-2668
- CVE-2018-2696
- CVE-2018-2703
References
- https://access.redhat.com/security/updates/classification/#important
- Content from www.oracle.com is not included.Content from www.oracle.com is not included.http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
- Content from dev.mysql.com is not included.Content from dev.mysql.com is not included.https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.