Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0267
Moderate: mysql55-mysql security update
4 February 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mysql55-mysql
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated
Delete Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0432 CVE-2015-0411 CVE-2015-0391
CVE-2015-0382 CVE-2015-0381 CVE-2015-0374
CVE-2014-6568
Reference: ASB-2015.0009
ESB-2015.0170
ESB-2015.0157
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2015-0116.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: mysql55-mysql security update
Advisory ID: RHSA-2015:0116-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0116.html
Issue date: 2015-02-03
CVE Names: CVE-2014-6568 CVE-2015-0374 CVE-2015-0381
CVE-2015-0382 CVE-2015-0391 CVE-2015-0411
CVE-2015-0432
=====================================================================
1. Summary:
Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Software Collections 1.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0381,
CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,
CVE-2015-0374)
These updated packages upgrade MySQL to version 5.5.41. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.
All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1184552 - CVE-2014-6568 mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
1184553 - CVE-2015-0374 mysql: unspecified vulnerability related to Server:Security:Privileges:Foreign Key (CPU Jan 2015)
1184554 - CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184555 - CVE-2015-0382 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
1184557 - CVE-2015-0391 mysql: unspecified vulnerability related to Server:DDL (CPU Jan 2015)
1184560 - CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
1184561 - CVE-2015-0432 mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)
6. Package List:
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):
Source:
mysql55-mysql-5.5.41-2.el6.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):
Source:
mysql55-mysql-5.5.41-2.el6.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
mysql55-mysql-5.5.41-2.el6.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
mysql55-mysql-5.5.41-2.el6.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):
Source:
mysql55-mysql-5.5.41-2.el6.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el6.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):
Source:
mysql55-mysql-5.5.41-2.el7.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el7.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):
Source:
mysql55-mysql-5.5.41-2.el7.src.rpm
x86_64:
mysql55-mysql-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-bench-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-debuginfo-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-devel-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-libs-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-server-5.5.41-2.el7.x86_64.rpm
mysql55-mysql-test-5.5.41-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-6568
https://access.redhat.com/security/cve/CVE-2015-0374
https://access.redhat.com/security/cve/CVE-2015-0381
https://access.redhat.com/security/cve/CVE-2015-0382
https://access.redhat.com/security/cve/CVE-2015-0391
https://access.redhat.com/security/cve/CVE-2015-0411
https://access.redhat.com/security/cve/CVE-2015-0432
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU0RC2XlSAg2UNWIIRApnsAJ95So54fSlLom6Pel1+kn9Ac9TflwCfQxJY
hZuPwk3ftXal7P9iN1/BK8s=
=qfHH
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVNF2yhLndAQH1ShLAQLzKA/6AlF9P+bAxWA9IYB2T3een8GRt7uRdEVp
z2aOKqxLMCt66w/JJUt6Mw3XwwKVCBQjOkR7XzzewpwaR4GpT4Dn8EAqZkaaQxyz
UWzU3NQgynF/XvVXav+yZ158lomSp1JBGidUpy1LvkSlq7VY+kTpeIYqJRQMoH5v
oneLzIwR3pHTNEnuMokDzudGoY7BgfTnl0whLjXtsNDWb+5qRL0PRnevNyx5GgYA
x06VnxOOGT7jXF5ay1/TRkwTOwqWZXtE22cdfUfeB4XKXWq9rCCVWOh7QoSi8kmR
uh0xfPtWhiuTOxufwFK+GG9JQw0HGAJALvHVT68XHog8kwb16nQl5iwJRak7s9pb
ln+SGzGwJUiPFDkTEuLP8SQ2ZUbNfa4jRVE15JGBSAIoSNTvkRzfZUkia0P0myA6
YSiUXzA8BMWIU4MHIQi8H2KL3iksw9oyzbs7WBKj+fZMrMHSkNxd/IvF/0t5btKn
nHF7PFaEoPdmztSosdXw9heF/vm+wN1LQG3Vg7lpHfAqUejF5AeK4jzEHhPEsLXA
0FXrXT91bd2cIk7/uunGtQ5y1tfCAFt67Ix3j4TQsQ9NpWLPqxwfahQJOPVj7exT
UloY4Hl6YIEYFwwQwJw2ooOt2Zt0w+BEEAKKlAYPYGxYh5DCf5beMiApJan6EFVs
UiIMuGbxQXQ=
=5jYC
-----END PGP SIGNATURE-----