ALAS-2014-298


Amazon Linux AMI Security Advisory: ALAS-2014-298
Advisory Release Date: 2014-09-16 22:37 Pacific
Severity: Medium

Issue Overview:

This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402 , CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908 )

A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001 )


Affected Packages:

mysql51


Issue Correction:
Run yum update mysql51 to update your system.

New Packages:
i686:
    mysql51-embedded-5.1.73-3.68.amzn1.i686
    mysql51-common-5.1.73-3.68.amzn1.i686
    mysql51-5.1.73-3.68.amzn1.i686
    mysql51-devel-5.1.73-3.68.amzn1.i686
    mysql51-server-5.1.73-3.68.amzn1.i686
    mysql51-bench-5.1.73-3.68.amzn1.i686
    mysql51-debuginfo-5.1.73-3.68.amzn1.i686
    mysql51-test-5.1.73-3.68.amzn1.i686
    mysql51-embedded-devel-5.1.73-3.68.amzn1.i686
    mysql51-libs-5.1.73-3.68.amzn1.i686

src:
    mysql51-5.1.73-3.68.amzn1.src

x86_64:
    mysql51-server-5.1.73-3.68.amzn1.x86_64
    mysql51-libs-5.1.73-3.68.amzn1.x86_64
    mysql51-test-5.1.73-3.68.amzn1.x86_64
    mysql51-debuginfo-5.1.73-3.68.amzn1.x86_64
    mysql51-embedded-devel-5.1.73-3.68.amzn1.x86_64
    mysql51-embedded-5.1.73-3.68.amzn1.x86_64
    mysql51-bench-5.1.73-3.68.amzn1.x86_64
    mysql51-devel-5.1.73-3.68.amzn1.x86_64
    mysql51-common-5.1.73-3.68.amzn1.x86_64
    mysql51-5.1.73-3.68.amzn1.x86_64