Security Advisory Moderate: mysql55-mysql security update

Advisory: RHSA-2014:0536-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-05-22
Last updated on: 2014-05-22
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2014-0384
CVE-2014-2419
CVE-2014-2430
CVE-2014-2431
CVE-2014-2432
CVE-2014-2436
CVE-2014-2438

Details

Updated mysql55-mysql packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
mysql55-mysql-5.5.37-1.el5.src.rpm
File outdated by:  RHSA-2015:1628
    MD5: 382d55c0048af099aec25c8f6e66dd25
SHA-256: f715b356d63943245bfa3a902afb0ab908ba5cd724d73c66abd32a99f0103f08
 
IA-32:
mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 6d6da4141cb8d0bd237be48154323b46
SHA-256: 3242e2b90a6e24c198298af5c04ff23e956ba3f9c299c1e9c24cf464b8d2ff29
mysql55-mysql-devel-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: b76d750405be67cba93488342769615a
SHA-256: 9266a797f882da1fd35b56add63fdabe18a6935dec56b32d44e5cd8414d47795
 
x86_64:
mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 6d6da4141cb8d0bd237be48154323b46
SHA-256: 3242e2b90a6e24c198298af5c04ff23e956ba3f9c299c1e9c24cf464b8d2ff29
mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: a44598c371b7c85471374c62cf495a75
SHA-256: 7a04f16f771549897ed4bfcd535e1e1abd2afcca8044c3d4bfebcc1591efb216
mysql55-mysql-devel-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: b76d750405be67cba93488342769615a
SHA-256: 9266a797f882da1fd35b56add63fdabe18a6935dec56b32d44e5cd8414d47795
mysql55-mysql-devel-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 01486ea85646a1e9018f8090c2ea18fd
SHA-256: 5359261d03badd160d5f369f267a4f3beea044216e039c133b91c986fbdc2660
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
mysql55-mysql-5.5.37-1.el5.src.rpm
File outdated by:  RHSA-2015:1628
    MD5: 382d55c0048af099aec25c8f6e66dd25
SHA-256: f715b356d63943245bfa3a902afb0ab908ba5cd724d73c66abd32a99f0103f08
 
IA-32:
mysql55-mysql-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4427d7faa636d1f0c79d36c93e0d83b0
SHA-256: 1615e44e9415a488abea7e89148efcf6020eeedf27d13abe590ac4413ceb4f61
mysql55-mysql-bench-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: be3bd5ac6cf48e48e33533beb62fe7ea
SHA-256: 32134a0eafad9ee941be95a9335185dabb165ed9bed8a207f0a6d135071145ea
mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 6d6da4141cb8d0bd237be48154323b46
SHA-256: 3242e2b90a6e24c198298af5c04ff23e956ba3f9c299c1e9c24cf464b8d2ff29
mysql55-mysql-devel-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: b76d750405be67cba93488342769615a
SHA-256: 9266a797f882da1fd35b56add63fdabe18a6935dec56b32d44e5cd8414d47795
mysql55-mysql-libs-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 157ca6ef3ace5ec56268a95e603b5e60
SHA-256: 9bd2ee06d9db5cfe99f34097d835b01c357843e44a82ac62f873a19188de556b
mysql55-mysql-server-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: c5578fbc6b6d9d0db7849bc12da721c5
SHA-256: 6fa7ddb432806a3da8fbd10eab88a11f62c0f27173c178bd78da80ca48fef529
mysql55-mysql-test-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 16e0c9a930c95a33a432a5e1fb03f922
SHA-256: 6516b089ae800ba7517491995b10a3773c8c21cdad51296675261d931168ceee
 
IA-64:
mysql55-mysql-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 17d95efc0624a7ef3e0000d630fb444f
SHA-256: d47f9873a51738af2368b71844a5ab0feb066d323d1701b8a70991d19023965a
mysql55-mysql-bench-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 82aaf131a757e6f1661fff38936d344b
SHA-256: 54aca2beb3c23009a36c2b5950dbe1181b655239474a8d0c439900274ab5cd9c
mysql55-mysql-debuginfo-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 28a7f49a17481aa07e770bc617fd15b1
SHA-256: 5b93caa365ce75c8500e32567fcc30d30220ded42c1b9ea4cfdae1e1ee265c2d
mysql55-mysql-devel-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: fd2654d946b8d4024844968ef60ef7b4
SHA-256: 3c4d2ce7223aa2be0d6ee5f3cf4b9f3e8fd3f1c27662e43017a622428c31cdda
mysql55-mysql-libs-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 68ca17a6e527f4adecca40dfdac7792e
SHA-256: 910f585eea59522b30db3f7978fb99de96819ae4badea021a885bf647cf714e8
mysql55-mysql-server-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: fec169d9278540243afc246bfbd972d3
SHA-256: 5212abadb68e5858c12bd87f7e611d940bc2185cebad2a164422504e7cf9d378
mysql55-mysql-test-5.5.37-1.el5.ia64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 989354b174df01b400fd8d4e653df358
SHA-256: 85e754e5a082b40fa681bc933993f703efc73a495ad11619210537be45a86aac
 
PPC:
mysql55-mysql-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: 69add3cb8e785efaea4b4972c30b15b6
SHA-256: b8abeab83d6d4027bacc2f24d5e2be564f8fd86ddf97cc5c1e9482283fbbe4d4
mysql55-mysql-bench-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: 0461fee93a7ff78be83fcc893fafd57c
SHA-256: 9e9fac84c9331bcc966ff62f92bbcbd64d950c8c28de04954864f0505c1dd09c
mysql55-mysql-debuginfo-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: 3ca58f97efbdd5691fe2762c8eccca54
SHA-256: 4fb8ad3311409654cc0d0798397eb65f80164a38fb39248287808f323b4ae582
mysql55-mysql-debuginfo-5.5.37-1.el5.ppc64.rpm
File outdated by:  RHSA-2015:1628
    MD5: b2f9d13659bcfc1d98d941ebb64e0d6b
SHA-256: 2a0f4bd085a7af9089601e97675688cf398c4bcbcb6c1dd8dd508be2b8dc4c6e
mysql55-mysql-devel-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: 0cddf236b28a3a2dccd61362d14fead9
SHA-256: b6a4f8a519a7482163c88bb2d42e8c5587d8f0aabed16af6cab0308ea415be57
mysql55-mysql-devel-5.5.37-1.el5.ppc64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 11766835fb19117cc826c7483172a81e
SHA-256: 083013df2721548110a4956849da4babcbb4e2a91b671d6e4b32a8f12e9b2913
mysql55-mysql-libs-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: e69055795e36646e012f622b2a671a6c
SHA-256: eaa7327453492cf6072dd09ef88f878f91cf7fea459af336eb4cd9cc78fcd9bd
mysql55-mysql-server-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: ba9ac79535aad30b06dafc91fc324575
SHA-256: 06f02a8aac169c4ae2a1fcc7f5f289b298c51b905d8034551030ab86f3726edd
mysql55-mysql-test-5.5.37-1.el5.ppc.rpm
File outdated by:  RHSA-2015:1628
    MD5: 92f5e2539e6cedf88faf64da774e4426
SHA-256: 7996e80f3a21be31ecf59cfb25703f1cca20b503acb66fd275b2f39096b09be3
 
s390x:
mysql55-mysql-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: 066ea1101b573ecd0a4db76e1c47a183
SHA-256: 282132aeef4f19ca49c6a94503455dc113e3609b24fb90c4f9e756f0242cea3b
mysql55-mysql-bench-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: 285badb53f2eec84a3f72716c5b1b74a
SHA-256: ba19e04b662c999d67695d90c200407fd0d4f5ed353c2aa601505cd55dc2a01e
mysql55-mysql-debuginfo-5.5.37-1.el5.s390.rpm
File outdated by:  RHSA-2015:1628
    MD5: bd27e0beb911de8cfe6f8b8a5bddfde8
SHA-256: e36aa60a458a8a09fa91cc67d880ef227befc8480121ce452c96106ad56e8ba8
mysql55-mysql-debuginfo-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: 25594cc92c53165b893f8652081813f0
SHA-256: 6b9d5f22cb1349f622ff5acc71f9444baa60536a533502b4d6f16b10c1d6b1e7
mysql55-mysql-devel-5.5.37-1.el5.s390.rpm
File outdated by:  RHSA-2015:1628
    MD5: 9790bf13703b1a1a17aa2149c0f9edaa
SHA-256: 356eeefca73f0f59f04050b563a5ce183cae7d5a477b387581eb63f9d367bf39
mysql55-mysql-devel-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4b806ec9313bdfa2b81b97089ff2b7ba
SHA-256: fd7215507b5ae1b33c4e294dff272e5f04571493653af4cb80afef3ce3be6d93
mysql55-mysql-libs-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: dcd0f40f19c5bc8868746c094bd5b22a
SHA-256: 303873142d2bfe0ae5c368e093f6bf16439a6a35ae2e16c950fb49f5f79e476c
mysql55-mysql-server-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: db546e848cde3e55956bf0ce55b4b9dc
SHA-256: 5b5170527a6736a670d05e61eb8b7ce6cb49b681e677474eb55d838b24b7393e
mysql55-mysql-test-5.5.37-1.el5.s390x.rpm
File outdated by:  RHSA-2015:1628
    MD5: e30c625a8372559a080046742c08f531
SHA-256: 280eea51c267bb63b1c6f4d81af2d164b94d02e53cd10b4e00a64630ca036286
 
x86_64:
mysql55-mysql-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4c01e71048d530171f2cdfc30b3cfb15
SHA-256: d365857f99ac59c648aac7768827e974415886bb81d604641cfd12f638afce23
mysql55-mysql-bench-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4e0fb1039fc5491b2d59cfcdf8d33379
SHA-256: 142e7a8e5db74f7df19ca9f553424adbecb871b27d460c32fe77f4a8c56b848f
mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 6d6da4141cb8d0bd237be48154323b46
SHA-256: 3242e2b90a6e24c198298af5c04ff23e956ba3f9c299c1e9c24cf464b8d2ff29
mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: a44598c371b7c85471374c62cf495a75
SHA-256: 7a04f16f771549897ed4bfcd535e1e1abd2afcca8044c3d4bfebcc1591efb216
mysql55-mysql-devel-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: b76d750405be67cba93488342769615a
SHA-256: 9266a797f882da1fd35b56add63fdabe18a6935dec56b32d44e5cd8414d47795
mysql55-mysql-devel-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 01486ea85646a1e9018f8090c2ea18fd
SHA-256: 5359261d03badd160d5f369f267a4f3beea044216e039c133b91c986fbdc2660
mysql55-mysql-libs-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: c3da369b6d3e2abd763a8d465974a2cc
SHA-256: 848e81bcfa591b0b08b7da4dc1e255483b60d3dc621a7f9d468c51bc335f08ee
mysql55-mysql-server-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 81cde717863c6711440c1da96addb3a8
SHA-256: 27e49222063cee819ad2263d2ed9f1f9087c44dcc012904b601b6e85d48586e0
mysql55-mysql-test-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: dbca09c61d5690431d4fbb6d4cc1417c
SHA-256: ef4afbb08eaa4edf76cca8043a02db85819ae35b480c2e78787d5dfee4ab26f3
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
mysql55-mysql-5.5.37-1.el5.src.rpm
File outdated by:  RHSA-2015:1628
    MD5: 382d55c0048af099aec25c8f6e66dd25
SHA-256: f715b356d63943245bfa3a902afb0ab908ba5cd724d73c66abd32a99f0103f08
 
IA-32:
mysql55-mysql-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4427d7faa636d1f0c79d36c93e0d83b0
SHA-256: 1615e44e9415a488abea7e89148efcf6020eeedf27d13abe590ac4413ceb4f61
mysql55-mysql-bench-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: be3bd5ac6cf48e48e33533beb62fe7ea
SHA-256: 32134a0eafad9ee941be95a9335185dabb165ed9bed8a207f0a6d135071145ea
mysql55-mysql-debuginfo-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 6d6da4141cb8d0bd237be48154323b46
SHA-256: 3242e2b90a6e24c198298af5c04ff23e956ba3f9c299c1e9c24cf464b8d2ff29
mysql55-mysql-libs-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 157ca6ef3ace5ec56268a95e603b5e60
SHA-256: 9bd2ee06d9db5cfe99f34097d835b01c357843e44a82ac62f873a19188de556b
mysql55-mysql-server-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: c5578fbc6b6d9d0db7849bc12da721c5
SHA-256: 6fa7ddb432806a3da8fbd10eab88a11f62c0f27173c178bd78da80ca48fef529
mysql55-mysql-test-5.5.37-1.el5.i386.rpm
File outdated by:  RHSA-2015:1628
    MD5: 16e0c9a930c95a33a432a5e1fb03f922
SHA-256: 6516b089ae800ba7517491995b10a3773c8c21cdad51296675261d931168ceee
 
x86_64:
mysql55-mysql-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4c01e71048d530171f2cdfc30b3cfb15
SHA-256: d365857f99ac59c648aac7768827e974415886bb81d604641cfd12f638afce23
mysql55-mysql-bench-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 4e0fb1039fc5491b2d59cfcdf8d33379
SHA-256: 142e7a8e5db74f7df19ca9f553424adbecb871b27d460c32fe77f4a8c56b848f
mysql55-mysql-debuginfo-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: a44598c371b7c85471374c62cf495a75
SHA-256: 7a04f16f771549897ed4bfcd535e1e1abd2afcca8044c3d4bfebcc1591efb216
mysql55-mysql-libs-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: c3da369b6d3e2abd763a8d465974a2cc
SHA-256: 848e81bcfa591b0b08b7da4dc1e255483b60d3dc621a7f9d468c51bc335f08ee
mysql55-mysql-server-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: 81cde717863c6711440c1da96addb3a8
SHA-256: 27e49222063cee819ad2263d2ed9f1f9087c44dcc012904b601b6e85d48586e0
mysql55-mysql-test-5.5.37-1.el5.x86_64.rpm
File outdated by:  RHSA-2015:1628
    MD5: dbca09c61d5690431d4fbb6d4cc1417c
SHA-256: ef4afbb08eaa4edf76cca8043a02db85819ae35b480c2e78787d5dfee4ab26f3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1088133 - CVE-2014-0384 mysql: unspecified DoS related to XML (CPU April 2014)
1088134 - CVE-2014-2419 mysql: unspecified DoS related to Partition (CPU April 2014)
1088143 - CVE-2014-2430 mysql: unspecified DoS related to Performance Schema (CPU April 2014)
1088146 - CVE-2014-2431 mysql: unspecified DoS related to Options (CPU April 2014)
1088179 - CVE-2014-2432 mysql: unspecified DoS related to Federated (CPU April 2014)
1088190 - CVE-2014-2436 mysql: unspecified vulnerability related to RBR (CPU April 2014)
1088191 - CVE-2014-2438 mysql: unspecified DoS related to Replication (CPU April 2014)
1088197 - CVE-2014-2440 mysql: unspecified vulnerability related to Client (CPU April 2014)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/