SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Bonnie King <[log in to unmask]>
Reply To: Bonnie King <[log in to unmask]>
Date: Wed, 12 Feb 2014 14:14:47 -0600
Slpackages working?

Pat Riehecky <[log in to unmask]> wrote:

>Synopsis:          Moderate: mysql security and bug fix update
>Advisory ID:       SLSA-2014:0164-1
>Issue Date:        2014-02-12
>CVE Numbers:       CVE-2013-5908
>                   CVE-2014-0386
>                   CVE-2014-0393
>                   CVE-2014-0401
>                   CVE-2014-0402
>                   CVE-2014-0412
>                   CVE-2014-0437
>                   CVE-2014-0001
>--
>
>(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
>CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)
>
>A buffer overflow flaw was found in the way the MySQL command line client
>tool (mysql) processed excessively long version strings. If a user
>connected to a malicious MySQL server via the mysql client, the server
>could use this flaw to crash the mysql client or, potentially, execute
>arbitrary code as the user running the mysql client. (CVE-2014-0001)
>
>This update also fixes the following bug:
>
>* Prior to this update, MySQL did not check whether a MySQL socket was
>actually being used by any process before starting the mysqld service. If
>a particular mysqld service did not exit cleanly while a socket was being
>used by a process, this socket was considered to be still in use during
>the next start-up of this service, which resulted in a failure to start
>the service up. With this update, if a socket exists but is not used by
>any process, it is ignored during the mysqld service start-up.
>
>After installing this update, the MySQL server daemon (mysqld) will be
>restarted automatically.
>--
>
>SL6
>  x86_64
>    mysql-5.1.73-3.el6_5.x86_64.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.i686.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.x86_64.rpm
>    mysql-libs-5.1.73-3.el6_5.i686.rpm
>    mysql-libs-5.1.73-3.el6_5.x86_64.rpm
>    mysql-server-5.1.73-3.el6_5.x86_64.rpm
>    mysql-bench-5.1.73-3.el6_5.x86_64.rpm
>    mysql-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-devel-5.1.73-3.el6_5.x86_64.rpm
>    mysql-embedded-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-5.1.73-3.el6_5.x86_64.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.x86_64.rpm
>    mysql-test-5.1.73-3.el6_5.x86_64.rpm
>  i386
>    mysql-5.1.73-3.el6_5.i686.rpm
>    mysql-debuginfo-5.1.73-3.el6_5.i686.rpm
>    mysql-libs-5.1.73-3.el6_5.i686.rpm
>    mysql-server-5.1.73-3.el6_5.i686.rpm
>    mysql-bench-5.1.73-3.el6_5.i686.rpm
>    mysql-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-5.1.73-3.el6_5.i686.rpm
>    mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm
>    mysql-test-5.1.73-3.el6_5.i686.rpm
>
>- Scientific Linux Development Team
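
The stale-socket condition described in the quoted advisory, as an added example that is not part of the original message or of the MySQL packaging: one way to tell a leftover socket file from one that a process is still accepting on. The function names and the temporary socket path are assumptions made for the illustration.

```python
import errno
import os
import socket
import stat
import tempfile


def socket_state(path):
    """Classify a Unix socket path: 'absent', 'not-a-socket', 'stale' or 'in-use'."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    probe.settimeout(2.0)
    try:
        probe.connect(path)
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"  # the file exists, but no process is accepting on it
        raise  # e.g. EACCES or a timeout: state unknown, so do not guess
    finally:
        probe.close()
    return "in-use"


def demo():
    """Constructed scenario: a listener goes away without unlinking its socket."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mysql.sock")  # constructed path for the demo
        results.append(socket_state(path))      # nothing there yet
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        listener.listen(1)
        results.append(socket_state(path))      # a process is listening
        listener.close()                        # unclean exit: file is left behind
        results.append(socket_state(path))      # leftover file, nobody listening
    return results


if __name__ == "__main__":
    print(demo())
```

A start-up script that treats every existing socket file as "in use" fails in the third case; probing the socket distinguishes it from the second.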
