Red Hat Security Advisory: mysql security update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2013:0219 Final 2 2 2013-01-31T19:16:00Z Current version 2013-01-31T19:16:00Z 2013-01-31T19:16:00Z Red Hat rhsa-to-cvrf 1.0.1484 2013-01-31T21:46:02Z Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2012-0572, CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0389) These updated packages upgrade MySQL to version 5.1.67. Refer to the MySQL release notes listed in the References section for a full list of changes. All MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2013 Red Hat, Inc. All rights reserved. Moderate https://rhn.redhat.com/errata/RHSA-2013-0219.html https://rhn.redhat.com/errata/RHSA-2013-0219.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixMSQL http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-67.html Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux Workstation Optional (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server Optional (v. 6) mysql-5.1.67-1.el6_3.src.rpm mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Server (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Workstation (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux HPC Node (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Desktop (v. 6) mysql-5.1.67-1.el6_3 as a component of Red Hat Enterprise Linux Server Optional (v. 6) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2012-0572 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Low 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2012-0572.html CVE-2012-0572 https://bugzilla.redhat.com/show_bug.cgi?id=896072 bz#896072: CVE-2012-0572 mysql: unspecified DoS vulnerability related to InnoDB (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2012-0574 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Low 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2012-0574.html CVE-2012-0574 https://bugzilla.redhat.com/show_bug.cgi?id=896076 bz#896076: CVE-2012-0574 mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2012-1702 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2012-1702.html CVE-2012-1702 https://bugzilla.redhat.com/show_bug.cgi?id=896069 bz#896069: CVE-2012-1702 mysql: unspecified unauthenticated DoS vulnerability related to Server (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2012-1705 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Low 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2012-1705.html CVE-2012-1705 https://bugzilla.redhat.com/show_bug.cgi?id=896078 bz#896078: CVE-2012-1705 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2013-0375 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2013-0375.html CVE-2013-0375 https://bugzilla.redhat.com/show_bug.cgi?id=896067 bz#896067: CVE-2013-0375 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows remote attackers to alter confidentiality and integrity This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2013-0383 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2013-0383.html CVE-2013-0383 https://bugzilla.redhat.com/show_bug.cgi?id=896070 bz#896070: CVE-2013-0383 mysql: unspecified unauthenticated DoS vulnerability related to Server Locking (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2013-0384 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2013-0384.html CVE-2013-0384 https://bugzilla.redhat.com/show_bug.cgi?id=896062 bz#896062: CVE-2013-0384 mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013) This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2013-0385 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 6.6 AV:L/AC:L/Au:N/C:C/I:C/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2013-0385.html CVE-2013-0385 https://bugzilla.redhat.com/show_bug.cgi?id=896066 bz#896066: CVE-2013-0385 mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows local attackers to alter confidentiality and integrity This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. 2013-01-15T00:00:00Z 2013-01-15T00:00:00Z CVE-2013-0389 6Client-6.3.z:mysql-5.1.67-1.el6_3 6Client-optional-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-6.3.z:mysql-5.1.67-1.el6_3 6ComputeNode-optional-6.3.z:mysql-5.1.67-1.el6_3 6Server-6.3.z:mysql-5.1.67-1.el6_3 6Server-optional-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-6.3.z:mysql-5.1.67-1.el6_3 6Workstation-optional-6.3.z:mysql-5.1.67-1.el6_3 Moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0219.html https://www.redhat.com/security/data/cve/CVE-2013-0389.html CVE-2013-0389 https://bugzilla.redhat.com/show_bug.cgi?id=896063 bz#896063: CVE-2013-0389 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)