Amazon Linux 1 Security Advisory: ALAS-2014-298
Advisory Release Date: 2014-03-06 14:56 Pacific
Advisory Updated Date: 2014-09-16 22:37 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)
A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001)
Affected Packages:
mysql51
Issue Correction:
Run yum update mysql51 to update your system.
i686:
mysql51-embedded-5.1.73-3.68.amzn1.i686
mysql51-common-5.1.73-3.68.amzn1.i686
mysql51-5.1.73-3.68.amzn1.i686
mysql51-devel-5.1.73-3.68.amzn1.i686
mysql51-server-5.1.73-3.68.amzn1.i686
mysql51-bench-5.1.73-3.68.amzn1.i686
mysql51-debuginfo-5.1.73-3.68.amzn1.i686
mysql51-test-5.1.73-3.68.amzn1.i686
mysql51-embedded-devel-5.1.73-3.68.amzn1.i686
mysql51-libs-5.1.73-3.68.amzn1.i686
src:
mysql51-5.1.73-3.68.amzn1.src
x86_64:
mysql51-server-5.1.73-3.68.amzn1.x86_64
mysql51-libs-5.1.73-3.68.amzn1.x86_64
mysql51-test-5.1.73-3.68.amzn1.x86_64
mysql51-debuginfo-5.1.73-3.68.amzn1.x86_64
mysql51-embedded-devel-5.1.73-3.68.amzn1.x86_64
mysql51-embedded-5.1.73-3.68.amzn1.x86_64
mysql51-bench-5.1.73-3.68.amzn1.x86_64
mysql51-devel-5.1.73-3.68.amzn1.x86_64
mysql51-common-5.1.73-3.68.amzn1.x86_64
mysql51-5.1.73-3.68.amzn1.x86_64