Security Advisory Moderate: mysql55-mysql security update

Advisory: RHSA-2014:0186-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-02-18
Last updated on: 2014-02-18
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-3839
CVE-2013-5807
CVE-2013-5891
CVE-2013-5908
CVE-2014-0001
CVE-2014-0386
CVE-2014-0393
CVE-2014-0401
CVE-2014-0402
CVE-2014-0412
CVE-2014-0420
CVE-2014-0437

Details

Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2013-5807,
CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MySQL server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)
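The defensive handling that CVE-2014-0001 calls for, as an added example (not the mysql client's code or the upstream fix): in the MySQL initial handshake the payload starts with a protocol version byte followed by a NUL-terminated server version string, so a client must bound both the search for the terminator and the copy into its own buffer. The function name, result codes and buffer sizes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { VER_OK = 0, VER_TRUNCATED = 1, VER_MALFORMED = -1 };

/*
 * Copy the server version out of an initial handshake payload:
 * byte 0 is the protocol version, followed by a NUL-terminated
 * version string. Both payload and len are attacker-controlled
 * when the server is untrusted, so every length is checked.
 */
int copy_server_version(const uint8_t *payload, size_t len,
                        char *out, size_t out_size)
{
    if (payload == NULL || out == NULL || out_size == 0)
        return VER_MALFORMED;
    out[0] = '\0';
    if (len < 2)
        return VER_MALFORMED;

    const uint8_t *str = payload + 1;           /* skip protocol version */
    const uint8_t *nul = memchr(str, '\0', len - 1);
    if (nul == NULL)
        return VER_MALFORMED;                   /* no terminator in packet */

    size_t n = (size_t)(nul - str);
    int rc = VER_OK;
    if (n >= out_size) {                        /* would overflow: truncate */
        n = out_size - 1;
        rc = VER_TRUNCATED;
    }
    memcpy(out, str, n);
    out[n] = '\0';
    return rc;
}

int main(void)
{
    /* Constructed payload: protocol 10, then 200 'A' bytes and a NUL. */
    uint8_t pkt[202];
    char shown[32];
    pkt[0] = 10;
    memset(pkt + 1, 'A', 200);
    pkt[201] = '\0';
    int rc = copy_server_version(pkt, sizeof pkt, shown, sizeof shown);
    printf("rc=%d shown=%zu bytes\n", rc, strlen(shown));
    return 0;
}
```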

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL
Release Notes listed in the References section for a complete list
of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql55-mysql-5.5.36-2.el5.src.rpm
File outdated by:  RHSA-2015:1628
 
IA-32:
mysql55-mysql-debuginfo-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
 
x86_64:
mysql55-mysql-debuginfo-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql55-mysql-5.5.36-2.el5.src.rpm
File outdated by:  RHSA-2015:1628
 
IA-32:
mysql55-mysql-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
 
IA-64:
mysql55-mysql-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
 
PPC:
mysql55-mysql-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.ppc64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.ppc64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
 
s390x:
mysql55-mysql-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.s390.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.s390.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
 
x86_64:
mysql55-mysql-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-devel-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql55-mysql-5.5.36-2.el5.src.rpm
File outdated by:  RHSA-2015:1628
 
IA-32:
mysql55-mysql-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.i386.rpm
File outdated by:  RHSA-2015:1628
 
x86_64:
mysql55-mysql-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-bench-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-debuginfo-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-libs-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-server-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
mysql55-mysql-test-5.5.36-2.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1019978 - CVE-2013-3839 mysql: unspecified DoS related to Optimizer (CPU October 2013)
1019997 - CVE-2013-5807 mysql: unspecified flaw related to Replication (CPU October 2013)
1053371 - CVE-2013-5891 mysql: unspecified vulnerability related to Partition DoS (CPU Jan 2014)
1053373 - CVE-2013-5908 mysql: unspecified vulnerability related to Error Handling DoS (CPU Jan 2014)
1053375 - CVE-2014-0386 mysql: unspecified vulnerability related to Optimizer DoS (CPU Jan 2014)
1053377 - CVE-2014-0393 mysql: unspecified vulnerability related to InnoDB affecting integrity (CPU Jan 2014)
1053378 - CVE-2014-0401 mysql: unspecified DoS vulnerability (CPU Jan 2014)
1053380 - CVE-2014-0402 mysql: unspecified vulnerability related to Locking DoS (CPU Jan 2014)
1053381 - CVE-2014-0412 mysql: unspecified vulnerability related to InnoDB DoS (CPU Jan 2014)
1053383 - CVE-2014-0420 mysql: unspecified vulnerability related to Replication DoS (CPU Jan 2014)
1053390 - CVE-2014-0437 mysql: unspecified vulnerability related to Optimizer DoS (CPU Jan 2014)
1054592 - CVE-2014-0001 mysql: command-line tool buffer overflow via long server version string


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/