Synopsis
Moderate: rh-mysql57-mysql security update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-mysql57-mysql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.24). (BZ#1642523, BZ#1643049, BZ#1643060)
Security Fix(es):
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
- mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2758, CVE-2018-2818)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)
- mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
- mysql: Server: Connection unspecified vulnerability (CPU Apr 2018) (CVE-2018-2762)
- mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018) (CVE-2018-2769)
- mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
- mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2812, CVE-2018-2816)
- mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018) (CVE-2018-2776)
- mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)
- mysql: Server: DML unspecified vulnerability (CPU Apr 2018) (CVE-2018-2839)
- mysql: Server: Performance Schema unspecified vulnerability (CPU Apr 2018) (CVE-2018-2846)
- mysql: Server: DDL multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3054, CVE-2018-3077)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3056)
- mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)
- mysql: Server: DML multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3061, CVE-2018-3065)
- mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018) (CVE-2018-3062)
- mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) (CVE-2018-3070)
- mysql: Audit Log unspecified vulnerability (CPU Jul 2018) (CVE-2018-3071)
- mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)
- mysql: Server: Parser multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3133, CVE-2018-3155)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)
- mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018) (CVE-2018-3144)
- mysql: Server: Partition multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3161, CVE-2018-3171)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018) (CVE-2018-3187)
- mysql: Server: Merge unspecified vulnerability (CPU Oct 2018) (CVE-2018-3247)
- mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018) (CVE-2018-3276)
- mysql: Server: RBR unspecified vulnerability (CPU Oct 2018) (CVE-2018-3278)
- mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)
- mysql: Server: Logging unspecified vulnerability (CPU Oct 2018) (CVE-2018-3283)
- mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) (CVE-2018-2773)
- mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)
- mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.
Affected Products
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.5 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.5 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.4 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.4 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.3 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.3 ppc64le
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
-
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
-
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
-
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
-
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
-
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
-
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64
Fixes
- BZ - 1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
- BZ - 1568922 - CVE-2018-2758 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
- BZ - 1568923 - CVE-2018-2759 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
- BZ - 1568925 - CVE-2018-2762 mysql: Server: Connection unspecified vulnerability (CPU Apr 2018)
- BZ - 1568926 - CVE-2018-2766 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568927 - CVE-2018-2769 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018)
- BZ - 1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
- BZ - 1568932 - CVE-2018-2773 mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)
- BZ - 1568934 - CVE-2018-2775 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568936 - CVE-2018-2776 mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018)
- BZ - 1568937 - CVE-2018-2777 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568938 - CVE-2018-2778 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568940 - CVE-2018-2779 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568941 - CVE-2018-2780 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568943 - CVE-2018-2782 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568944 - CVE-2018-2784 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568945 - CVE-2018-2786 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568946 - CVE-2018-2787 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568949 - CVE-2018-2810 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568950 - CVE-2018-2812 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568953 - CVE-2018-2816 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568955 - CVE-2018-2818 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
- BZ - 1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568957 - CVE-2018-2839 mysql: Server: DML unspecified vulnerability (CPU Apr 2018)
- BZ - 1568958 - CVE-2018-2846 mysql: Server: Performance Schema unspecified vulnerability (CPU Apr 2018)
- BZ - 1602354 - CVE-2018-3054 mysql: Server: DDL unspecified vulnerability (CPU Jul 2018)
- BZ - 1602355 - CVE-2018-3056 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)
- BZ - 1602356 - CVE-2018-3058 mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
- BZ - 1602357 - CVE-2018-3060 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
- BZ - 1602359 - CVE-2018-3061 mysql: Server: DML unspecified vulnerability (CPU Jul 2018)
- BZ - 1602360 - CVE-2018-3062 mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018)
- BZ - 1602364 - CVE-2018-3064 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
- BZ - 1602365 - CVE-2018-3065 mysql: Server: DML unspecified vulnerability (CPU Jul 2018)
- BZ - 1602366 - CVE-2018-3066 mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
- BZ - 1602369 - CVE-2018-3070 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018)
- BZ - 1602370 - CVE-2018-3071 mysql: Audit Log unspecified vulnerability (CPU Jul 2018)
- BZ - 1602375 - CVE-2018-3077 mysql: Server: DDL unspecified vulnerability (CPU Jul 2018)
- BZ - 1602424 - CVE-2018-3081 mysql: Client programs unspecified vulnerability (CPU Jul 2018)
- BZ - 1640307 - CVE-2018-3276 mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018)
- BZ - 1640308 - CVE-2018-3200 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640310 - CVE-2018-3284 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640312 - CVE-2018-3173 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640316 - CVE-2018-3162 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640317 - CVE-2018-3247 mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
- BZ - 1640318 - CVE-2018-3156 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640319 - CVE-2018-3161 mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
- BZ - 1640320 - CVE-2018-3278 mysql: Server: RBR unspecified vulnerability (CPU Oct 2018)
- BZ - 1640321 - CVE-2018-3174 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
- BZ - 1640322 - CVE-2018-3282 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
- BZ - 1640324 - CVE-2018-3187 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018)
- BZ - 1640325 - CVE-2018-3277 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640326 - CVE-2018-3144 mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018)
- BZ - 1640331 - CVE-2018-3133 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
- BZ - 1640332 - CVE-2018-3143 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640333 - CVE-2018-3283 mysql: Server: Logging unspecified vulnerability (CPU Oct 2018)
- BZ - 1640334 - CVE-2018-3171 mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
- BZ - 1640335 - CVE-2018-3251 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640337 - CVE-2018-3185 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640340 - CVE-2018-3155 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
CVEs
References
Vulmon