Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0861 Important: rh-mysql security update 27 March 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rh-mysql56-mysql rh-mysql57-mysql Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Modify Arbitrary Files -- Existing Account Delete Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-2703 CVE-2018-2696 CVE-2018-2668 CVE-2018-2667 CVE-2018-2665 CVE-2018-2647 CVE-2018-2646 CVE-2018-2645 CVE-2018-2640 CVE-2018-2622 CVE-2018-2612 CVE-2018-2600 CVE-2018-2591 CVE-2018-2590 CVE-2018-2586 CVE-2018-2583 CVE-2018-2576 CVE-2018-2573 CVE-2018-2565 CVE-2018-2562 Reference: ASB-2018.0026 ESB-2018.0771 ESB-2018.0770 ESB-2018.0232.2 Original Bulletin: https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mysql56-mysql security update Advisory ID: RHSA-2018:0587-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:0587 Issue date: 2018-03-26 CVE Names: CVE-2018-2562 CVE-2018-2573 CVE-2018-2583 CVE-2018-2590 CVE-2018-2591 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2647 CVE-2018-2665 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 ===================================================================== 1. Summary: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.39). (BZ#1533831) Security Fix(es): * mysql: sha256_password authentication DoS via long password (CVE-2018-2696) * mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) (CVE-2018-2573) * mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018) (CVE-2018-2583) * mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2590) * mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2591) * mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2645) * mysql: Server: Replication unspecified vulnerability (CPU Jan 2018) (CVE-2018-2647) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: sha256_password authentication DoS via hash with large rounds value (CVE-2018-2703) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Red Hat Product Security. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1509475 - CVE-2018-2696 mysql: sha256_password authentication DoS via long password 1534139 - CVE-2018-2703 mysql: sha256_password authentication DoS via hash with large rounds value 1535484 - CVE-2018-2562 mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) 1535487 - CVE-2018-2573 mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) 1535490 - CVE-2018-2583 mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018) 1535492 - CVE-2018-2590 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) 1535493 - CVE-2018-2591 mysql: Server : Partition unspecified vulnerability (CPU Jan 2018) 1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018) 1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) 1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535501 - CVE-2018-2645 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) 1535503 - CVE-2018-2647 mysql: Server: Replication unspecified vulnerability (CPU Jan 2018) 1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-mysql56-mysql-5.6.39-1.el6.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el6.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-mysql56-mysql-5.6.39-1.el7.1.src.rpm x86_64: rh-mysql56-mysql-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-bench-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-common-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-config-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-devel-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-server-5.6.39-1.el7.1.x86_64.rpm rh-mysql56-mysql-test-5.6.39-1.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-2562 https://access.redhat.com/security/cve/CVE-2018-2573 https://access.redhat.com/security/cve/CVE-2018-2583 https://access.redhat.com/security/cve/CVE-2018-2590 https://access.redhat.com/security/cve/CVE-2018-2591 https://access.redhat.com/security/cve/CVE-2018-2612 https://access.redhat.com/security/cve/CVE-2018-2622 https://access.redhat.com/security/cve/CVE-2018-2640 https://access.redhat.com/security/cve/CVE-2018-2645 https://access.redhat.com/security/cve/CVE-2018-2647 https://access.redhat.com/security/cve/CVE-2018-2665 https://access.redhat.com/security/cve/CVE-2018-2668 https://access.redhat.com/security/cve/CVE-2018-2696 https://access.redhat.com/security/cve/CVE-2018-2703 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFauMWZXlSAg2UNWIIRAkQzAJ4oLJRlXJEbe0TAVQLMNDw0hlGLGQCfRvlz RNfO5t2zI4auwAh0qk5hpwI= =UG1A - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-mysql57-mysql security update Advisory ID: RHSA-2018:0586-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:0586 Issue date: 2018-03-26 CVE Names: CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2646 CVE-2018-2647 CVE-2018-2665 CVE-2018-2667 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 ===================================================================== 1. Summary: An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.21). (BZ#1533832) Security Fix(es): * mysql: sha256_password authentication DoS via long password (CVE-2018-2696) * mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2565) * mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) (CVE-2018-2573) * mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2576) * mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018) (CVE-2018-2583) * mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2586) * mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2590) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2600) * mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) (CVE-2018-2645) * mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2646) * mysql: Server: Replication unspecified vulnerability (CPU Jan 2018) (CVE-2018-2647) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2667) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: sha256_password authentication DoS via hash with large rounds value (CVE-2018-2703) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Red Hat Product Security. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1509475 - CVE-2018-2696 mysql: sha256_password authentication DoS via long password 1534139 - CVE-2018-2703 mysql: sha256_password authentication DoS via hash with large rounds value 1535486 - CVE-2018-2565 mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2018) 1535487 - CVE-2018-2573 mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) 1535488 - CVE-2018-2576 mysql: Server: DML unspecified vulnerability (CPU Jan 2018) 1535490 - CVE-2018-2583 mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018) 1535491 - CVE-2018-2586 mysql: Server: DML unspecified vulnerability (CPU Jan 2018) 1535492 - CVE-2018-2590 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) 1535496 - CVE-2018-2600 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018) 1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) 1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535501 - CVE-2018-2645 mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018) 1535502 - CVE-2018-2646 mysql: Server: DML unspecified vulnerability (CPU Jan 2018) 1535503 - CVE-2018-2647 mysql: Server: Replication unspecified vulnerability (CPU Jan 2018) 1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535505 - CVE-2018-2667 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-mysql57-mysql-5.7.21-2.el6.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el6.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm x86_64: rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-debuginfo-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-2565 https://access.redhat.com/security/cve/CVE-2018-2573 https://access.redhat.com/security/cve/CVE-2018-2576 https://access.redhat.com/security/cve/CVE-2018-2583 https://access.redhat.com/security/cve/CVE-2018-2586 https://access.redhat.com/security/cve/CVE-2018-2590 https://access.redhat.com/security/cve/CVE-2018-2600 https://access.redhat.com/security/cve/CVE-2018-2612 https://access.redhat.com/security/cve/CVE-2018-2622 https://access.redhat.com/security/cve/CVE-2018-2640 https://access.redhat.com/security/cve/CVE-2018-2645 https://access.redhat.com/security/cve/CVE-2018-2646 https://access.redhat.com/security/cve/CVE-2018-2647 https://access.redhat.com/security/cve/CVE-2018-2665 https://access.redhat.com/security/cve/CVE-2018-2667 https://access.redhat.com/security/cve/CVE-2018-2668 https://access.redhat.com/security/cve/CVE-2018-2696 https://access.redhat.com/security/cve/CVE-2018-2703 https://access.redhat.com/security/updates/classification/#important http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFauMgxXlSAg2UNWIIRAtcLAJ4zhqGo0n4RszUldfvQBDbycbX0xgCfYuDB CbfOuPLInhpbK60rub4yIwE= =A8wP - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWrmXIox+lLeg9Ub1AQhvlw/+NjDmltP+OwOk55GDMnfNexfmUz2g6qtK QcXMcCAWUmCW2Rhhei+Lkj/33j2Z0Y3kUqS9N4z89yXuVP9K2yiKyhLWaWNp/Ze4 I3uMPxj6O5kjcDd+LJOEWRJKdEtOqLNFX7SfLQnBuPzdGt/a0DyeZ06W5B/TjlB9 Du/xUue8FPlyazYV0H6Dr5HBgI9CcCP7a9lPSncdqxoWjtiu2Y13veNhMi1MIL3b PnJHSuSqVyfrT0u+8vGHht8xIdsAdiTkw27DrZaSvim5D3rI0rXH32dR8lgj5F+g 5SR5NBxr2f6MlxRKfS/1qqsEA5PIaEuTGyc0vg1fIjeLw6/ECdTykx4f9W1ZQkVS FwIh3ta/pT3L/HT2uZWuJhc+uA7U4yVLHcL/I1b0Ciiz4pC8fmFJ0gmAdsGiUqY2 SIMBhFUdDZr7ogMwTIKJeTNguTwap70WFZgenQf2w+TjudePYwihV67JMs/16Ei5 mHDyAIGQKATI1l0qvY+6e3f6KMqcgDA0E6UnnLrpR2yQgEgy2Gg67tVeJAiBko5R Bw4G+O2IB48HU8P9ZqMF1CnhO0UNxIioN+nJ2jJTislXoXav/wEGA7epIbSPYaEp PZY8/MMFP/eeECV7sSJSAielBMhgIY2barPu0UYdOp9vXKOeJSV9ZkXmadev+3zE uM3GVlsQAa0= =PIVu -----END PGP SIGNATURE-----