Amazon Linux 1 Security Advisory: ALAS-2014-298
Advisory Release Date: 2014-03-06 14:56 Pacific
Advisory Updated Date: 2014-09-16 22:37 Pacific
Severity:
Medium
References:
CVE-2013-5908
CVE-2014-0001
CVE-2014-0386
CVE-2014-0393
CVE-2014-0401
CVE-2014-0402
CVE-2014-0412
CVE-2014-0437
RHSA-2014-0164
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)
A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001)
Affected Packages:
mysql51
Issue Correction:
Run yum update mysql51 to update your system.
New Packages:
i686:
mysql51-embedded-5.1.73-3.68.amzn1.i686
mysql51-common-5.1.73-3.68.amzn1.i686
mysql51-5.1.73-3.68.amzn1.i686
mysql51-devel-5.1.73-3.68.amzn1.i686
mysql51-server-5.1.73-3.68.amzn1.i686
mysql51-bench-5.1.73-3.68.amzn1.i686
mysql51-debuginfo-5.1.73-3.68.amzn1.i686
mysql51-test-5.1.73-3.68.amzn1.i686
mysql51-embedded-devel-5.1.73-3.68.amzn1.i686
mysql51-libs-5.1.73-3.68.amzn1.i686
src:
mysql51-5.1.73-3.68.amzn1.src
x86_64:
mysql51-server-5.1.73-3.68.amzn1.x86_64
mysql51-libs-5.1.73-3.68.amzn1.x86_64
mysql51-test-5.1.73-3.68.amzn1.x86_64
mysql51-debuginfo-5.1.73-3.68.amzn1.x86_64
mysql51-embedded-devel-5.1.73-3.68.amzn1.x86_64
mysql51-embedded-5.1.73-3.68.amzn1.x86_64
mysql51-bench-5.1.73-3.68.amzn1.x86_64
mysql51-devel-5.1.73-3.68.amzn1.x86_64
mysql51-common-5.1.73-3.68.amzn1.x86_64
mysql51-5.1.73-3.68.amzn1.x86_64