Synopsis: Moderate: mysql security and bug fix update Advisory ID: SLSA-2014:0164-1 Issue Date: 2014-02-12 CVE Numbers: CVE-2013-5908 CVE-2014-0386 CVE-2014-0393 CVE-2014-0401 CVE-2014-0402 CVE-2014-0412 CVE-2014-0437 CVE-2014-0001 -- (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908) A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001) This update also fixes the following bug: * Prior to this update, MySQL did not check whether a MySQL socket was actually being used by any process before starting the mysqld service. If a particular mysqld service did not exit cleanly while a socket was being used by a process, this socket was considered to be still in use during the next start-up of this service, which resulted in a failure to start the service up. With this update, if a socket exists but is not used by any process, it is ignored during the mysqld service start-up. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. -- SL6 x86_64 mysql-5.1.73-3.el6_5.x86_64.rpm mysql-debuginfo-5.1.73-3.el6_5.i686.rpm mysql-debuginfo-5.1.73-3.el6_5.x86_64.rpm mysql-libs-5.1.73-3.el6_5.i686.rpm mysql-libs-5.1.73-3.el6_5.x86_64.rpm mysql-server-5.1.73-3.el6_5.x86_64.rpm mysql-bench-5.1.73-3.el6_5.x86_64.rpm mysql-devel-5.1.73-3.el6_5.i686.rpm mysql-devel-5.1.73-3.el6_5.x86_64.rpm mysql-embedded-5.1.73-3.el6_5.i686.rpm mysql-embedded-5.1.73-3.el6_5.x86_64.rpm mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm mysql-embedded-devel-5.1.73-3.el6_5.x86_64.rpm mysql-test-5.1.73-3.el6_5.x86_64.rpm i386 mysql-5.1.73-3.el6_5.i686.rpm mysql-debuginfo-5.1.73-3.el6_5.i686.rpm mysql-libs-5.1.73-3.el6_5.i686.rpm mysql-server-5.1.73-3.el6_5.i686.rpm mysql-bench-5.1.73-3.el6_5.i686.rpm mysql-devel-5.1.73-3.el6_5.i686.rpm mysql-embedded-5.1.73-3.el6_5.i686.rpm mysql-embedded-devel-5.1.73-3.el6_5.i686.rpm mysql-test-5.1.73-3.el6_5.i686.rpm - Scientific Linux Development Team