Red Hat Product Errata RHSA-2017:3442 - Security Advisory

Issued:: 2017-12-12
Updated:: 2017-12-12

RHSA-2017:3442 - Security Advisory

Overview
Updated Packages

Synopsis

Important: rh-mysql57-mysql security update

Type/Severity

Security Advisory: Important

Topic

An update for rh-mysql57-mysql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: rh-mysql57-mysql (5.7.20). (BZ#1505114)

Security Fix(es):

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page listed in the References section. (CVE-2017-10155, CVE-2017-10165, CVE-2017-10167, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10284, CVE-2017-10286, CVE-2017-10294, CVE-2017-10296, CVE-2017-10311, CVE-2017-10313, CVE-2017-10314, CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

Affected Products

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

BZ - 1503649 - CVE-2017-10155 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Oct 2017)
BZ - 1503651 - CVE-2017-10165 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
BZ - 1503653 - CVE-2017-10167 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
BZ - 1503654 - CVE-2017-10227 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
BZ - 1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
BZ - 1503659 - CVE-2017-10276 mysql: Server: FTS unspecified vulnerability (CPU Oct 2017)
BZ - 1503663 - CVE-2017-10279 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
BZ - 1503664 - CVE-2017-10283 mysql: Server: Performance Schema unspecified vulnerability (CPU Oct 2017)
BZ - 1503665 - CVE-2017-10284 mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2017)
BZ - 1503669 - CVE-2017-10286 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
BZ - 1503671 - CVE-2017-10294 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
BZ - 1503673 - CVE-2017-10296 mysql: Server: DML unspecified vulnerability (CPU Oct 2017)
BZ - 1503674 - CVE-2017-10311 mysql: Server: FTS unspecified vulnerability (CPU Oct 2017)
BZ - 1503677 - CVE-2017-10313 mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2017)
BZ - 1503679 - CVE-2017-10314 mysql: Server: Memcached unspecified vulnerability (CPU Oct 2017)
BZ - 1503681 - CVE-2017-10320 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
BZ - 1503682 - CVE-2017-10365 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
BZ - 1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
BZ - 1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
BZ - 1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-mysql57-mysql-5.7.20-1.el7.src.rpm	SHA-256: 752931f4082452c14b00c43da71a5c0a17b30e7dbfd3d8035829cb7dc81789cb
x86_64
rh-mysql57-mysql-5.7.20-1.el7.x86_64.rpm	SHA-256: 38cfee7008900e6b8ebf3f966390ef1ebddcc0591b4ba1d9364e5b1a82f0ffa0
rh-mysql57-mysql-common-5.7.20-1.el7.x86_64.rpm	SHA-256: a655b091d48206bb6f43e63b71f31b0d68f0e19d9e11ffc60cb524b887bd8b66
rh-mysql57-mysql-config-5.7.20-1.el7.x86_64.rpm	SHA-256: b30308648b0c402c7de4f74af3adffcca0000c4012c9131637b73e1c090d097e
rh-mysql57-mysql-debuginfo-5.7.20-1.el7.x86_64.rpm	SHA-256: f76be0f23b7271d08304000f88326c7dc06bc4a741ec8adc2577ffe5d457c12a
rh-mysql57-mysql-devel-5.7.20-1.el7.x86_64.rpm	SHA-256: ec5806d0dfed6c02139e76ed2aa6b942606a09bfe9404a0be6e6740c97bee69e
rh-mysql57-mysql-errmsg-5.7.20-1.el7.x86_64.rpm	SHA-256: ec6c63822045f7a27958c32c136a9933abb78319d08b889b256784c4d46a82b4
rh-mysql57-mysql-server-5.7.20-1.el7.x86_64.rpm	SHA-256: 458d511eead85e0442a78f28e8efa6202fbf7483d8926a6dcb1f717a86648178
rh-mysql57-mysql-test-5.7.20-1.el7.x86_64.rpm	SHA-256: 9cde847f563f661c2e641d43d3450d0242bf068c5048a4d14fba40dcfaded6d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-mysql57-mysql-5.7.20-1.el7.src.rpm	SHA-256: 752931f4082452c14b00c43da71a5c0a17b30e7dbfd3d8035829cb7dc81789cb
x86_64
rh-mysql57-mysql-5.7.20-1.el7.x86_64.rpm	SHA-256: 38cfee7008900e6b8ebf3f966390ef1ebddcc0591b4ba1d9364e5b1a82f0ffa0
rh-mysql57-mysql-common-5.7.20-1.el7.x86_64.rpm	SHA-256: a655b091d48206bb6f43e63b71f31b0d68f0e19d9e11ffc60cb524b887bd8b66
rh-mysql57-mysql-config-5.7.20-1.el7.x86_64.rpm	SHA-256: b30308648b0c402c7de4f74af3adffcca0000c4012c9131637b73e1c090d097e
rh-mysql57-mysql-debuginfo-5.7.20-1.el7.x86_64.rpm	SHA-256: f76be0f23b7271d08304000f88326c7dc06bc4a741ec8adc2577ffe5d457c12a
rh-mysql57-mysql-devel-5.7.20-1.el7.x86_64.rpm	SHA-256: ec5806d0dfed6c02139e76ed2aa6b942606a09bfe9404a0be6e6740c97bee69e
rh-mysql57-mysql-errmsg-5.7.20-1.el7.x86_64.rpm	SHA-256: ec6c63822045f7a27958c32c136a9933abb78319d08b889b256784c4d46a82b4
rh-mysql57-mysql-server-5.7.20-1.el7.x86_64.rpm	SHA-256: 458d511eead85e0442a78f28e8efa6202fbf7483d8926a6dcb1f717a86648178
rh-mysql57-mysql-test-5.7.20-1.el7.x86_64.rpm	SHA-256: 9cde847f563f661c2e641d43d3450d0242bf068c5048a4d14fba40dcfaded6d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3

SRPM
rh-mysql57-mysql-5.7.20-1.el7.src.rpm	SHA-256: 752931f4082452c14b00c43da71a5c0a17b30e7dbfd3d8035829cb7dc81789cb
x86_64
rh-mysql57-mysql-5.7.20-1.el7.x86_64.rpm	SHA-256: 38cfee7008900e6b8ebf3f966390ef1ebddcc0591b4ba1d9364e5b1a82f0ffa0
rh-mysql57-mysql-common-5.7.20-1.el7.x86_64.rpm	SHA-256: a655b091d48206bb6f43e63b71f31b0d68f0e19d9e11ffc60cb524b887bd8b66
rh-mysql57-mysql-config-5.7.20-1.el7.x86_64.rpm	SHA-256: b30308648b0c402c7de4f74af3adffcca0000c4012c9131637b73e1c090d097e
rh-mysql57-mysql-debuginfo-5.7.20-1.el7.x86_64.rpm	SHA-256: f76be0f23b7271d08304000f88326c7dc06bc4a741ec8adc2577ffe5d457c12a
rh-mysql57-mysql-devel-5.7.20-1.el7.x86_64.rpm	SHA-256: ec5806d0dfed6c02139e76ed2aa6b942606a09bfe9404a0be6e6740c97bee69e
rh-mysql57-mysql-errmsg-5.7.20-1.el7.x86_64.rpm	SHA-256: ec6c63822045f7a27958c32c136a9933abb78319d08b889b256784c4d46a82b4
rh-mysql57-mysql-server-5.7.20-1.el7.x86_64.rpm	SHA-256: 458d511eead85e0442a78f28e8efa6202fbf7483d8926a6dcb1f717a86648178
rh-mysql57-mysql-test-5.7.20-1.el7.x86_64.rpm	SHA-256: 9cde847f563f661c2e641d43d3450d0242bf068c5048a4d14fba40dcfaded6d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-mysql57-mysql-5.7.20-1.el7.src.rpm	SHA-256: 752931f4082452c14b00c43da71a5c0a17b30e7dbfd3d8035829cb7dc81789cb
x86_64
rh-mysql57-mysql-5.7.20-1.el7.x86_64.rpm	SHA-256: 38cfee7008900e6b8ebf3f966390ef1ebddcc0591b4ba1d9364e5b1a82f0ffa0
rh-mysql57-mysql-common-5.7.20-1.el7.x86_64.rpm	SHA-256: a655b091d48206bb6f43e63b71f31b0d68f0e19d9e11ffc60cb524b887bd8b66
rh-mysql57-mysql-config-5.7.20-1.el7.x86_64.rpm	SHA-256: b30308648b0c402c7de4f74af3adffcca0000c4012c9131637b73e1c090d097e
rh-mysql57-mysql-debuginfo-5.7.20-1.el7.x86_64.rpm	SHA-256: f76be0f23b7271d08304000f88326c7dc06bc4a741ec8adc2577ffe5d457c12a
rh-mysql57-mysql-devel-5.7.20-1.el7.x86_64.rpm	SHA-256: ec5806d0dfed6c02139e76ed2aa6b942606a09bfe9404a0be6e6740c97bee69e
rh-mysql57-mysql-errmsg-5.7.20-1.el7.x86_64.rpm	SHA-256: ec6c63822045f7a27958c32c136a9933abb78319d08b889b256784c4d46a82b4
rh-mysql57-mysql-server-5.7.20-1.el7.x86_64.rpm	SHA-256: 458d511eead85e0442a78f28e8efa6202fbf7483d8926a6dcb1f717a86648178
rh-mysql57-mysql-test-5.7.20-1.el7.x86_64.rpm	SHA-256: 9cde847f563f661c2e641d43d3450d0242bf068c5048a4d14fba40dcfaded6d8

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7

SRPM
rh-mysql57-mysql-5.7.20-1.el6.src.rpm	SHA-256: 6f858c84288d2a2c7f97693354afa6244ae48b94db4eff76716deaaf51f20217
x86_64
rh-mysql57-mysql-5.7.20-1.el6.x86_64.rpm	SHA-256: c9b123516e8fc26b0f8535a717df7554ff9a1a21b1a30d3a1168f302e4002f34
rh-mysql57-mysql-common-5.7.20-1.el6.x86_64.rpm	SHA-256: 0a7a72e20bd5713d6abfec0996918625942eabdd72c199081b211511c4c1bc01
rh-mysql57-mysql-config-5.7.20-1.el6.x86_64.rpm	SHA-256: 90fefde90ad9d72929c77f67ce95f7d3c7e5f9683ad856db2d5bf5c7699a3d5e
rh-mysql57-mysql-debuginfo-5.7.20-1.el6.x86_64.rpm	SHA-256: 6e380d9d595c74af0ebb47441be9a1a0704c3a47bc958634d22b380129912deb
rh-mysql57-mysql-devel-5.7.20-1.el6.x86_64.rpm	SHA-256: 87b4592bceefe0d01ada68d48fffe22df959492ffb6142476ed43c805ce751a5
rh-mysql57-mysql-errmsg-5.7.20-1.el6.x86_64.rpm	SHA-256: d29f26d9c18090fe7dfd31cbce5f56d2b7ca118fbf26bb1ee4fac703626e5a2b
rh-mysql57-mysql-server-5.7.20-1.el6.x86_64.rpm	SHA-256: b43837a625a2c5b4b7cbc2becb2253d6c1079869d1f35d09a757f70d8ea44306
rh-mysql57-mysql-test-5.7.20-1.el6.x86_64.rpm	SHA-256: baa73bd1e27d2142cd42d7fdd326c06a8a9a304129e6ed80d0f07b321c8ec8ff

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6

SRPM
rh-mysql57-mysql-5.7.20-1.el6.src.rpm	SHA-256: 6f858c84288d2a2c7f97693354afa6244ae48b94db4eff76716deaaf51f20217
x86_64
rh-mysql57-mysql-5.7.20-1.el6.x86_64.rpm	SHA-256: c9b123516e8fc26b0f8535a717df7554ff9a1a21b1a30d3a1168f302e4002f34
rh-mysql57-mysql-common-5.7.20-1.el6.x86_64.rpm	SHA-256: 0a7a72e20bd5713d6abfec0996918625942eabdd72c199081b211511c4c1bc01
rh-mysql57-mysql-config-5.7.20-1.el6.x86_64.rpm	SHA-256: 90fefde90ad9d72929c77f67ce95f7d3c7e5f9683ad856db2d5bf5c7699a3d5e
rh-mysql57-mysql-debuginfo-5.7.20-1.el6.x86_64.rpm	SHA-256: 6e380d9d595c74af0ebb47441be9a1a0704c3a47bc958634d22b380129912deb
rh-mysql57-mysql-devel-5.7.20-1.el6.x86_64.rpm	SHA-256: 87b4592bceefe0d01ada68d48fffe22df959492ffb6142476ed43c805ce751a5
rh-mysql57-mysql-errmsg-5.7.20-1.el6.x86_64.rpm	SHA-256: d29f26d9c18090fe7dfd31cbce5f56d2b7ca118fbf26bb1ee4fac703626e5a2b
rh-mysql57-mysql-server-5.7.20-1.el6.x86_64.rpm	SHA-256: b43837a625a2c5b4b7cbc2becb2253d6c1079869d1f35d09a757f70d8ea44306
rh-mysql57-mysql-test-5.7.20-1.el6.x86_64.rpm	SHA-256: baa73bd1e27d2142cd42d7fdd326c06a8a9a304129e6ed80d0f07b321c8ec8ff

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-mysql57-mysql-5.7.20-1.el7.src.rpm	SHA-256: 752931f4082452c14b00c43da71a5c0a17b30e7dbfd3d8035829cb7dc81789cb
x86_64
rh-mysql57-mysql-5.7.20-1.el7.x86_64.rpm	SHA-256: 38cfee7008900e6b8ebf3f966390ef1ebddcc0591b4ba1d9364e5b1a82f0ffa0
rh-mysql57-mysql-common-5.7.20-1.el7.x86_64.rpm	SHA-256: a655b091d48206bb6f43e63b71f31b0d68f0e19d9e11ffc60cb524b887bd8b66
rh-mysql57-mysql-config-5.7.20-1.el7.x86_64.rpm	SHA-256: b30308648b0c402c7de4f74af3adffcca0000c4012c9131637b73e1c090d097e
rh-mysql57-mysql-debuginfo-5.7.20-1.el7.x86_64.rpm	SHA-256: f76be0f23b7271d08304000f88326c7dc06bc4a741ec8adc2577ffe5d457c12a
rh-mysql57-mysql-devel-5.7.20-1.el7.x86_64.rpm	SHA-256: ec5806d0dfed6c02139e76ed2aa6b942606a09bfe9404a0be6e6740c97bee69e
rh-mysql57-mysql-errmsg-5.7.20-1.el7.x86_64.rpm	SHA-256: ec6c63822045f7a27958c32c136a9933abb78319d08b889b256784c4d46a82b4
rh-mysql57-mysql-server-5.7.20-1.el7.x86_64.rpm	SHA-256: 458d511eead85e0442a78f28e8efa6202fbf7483d8926a6dcb1f717a86648178
rh-mysql57-mysql-test-5.7.20-1.el7.x86_64.rpm	SHA-256: 9cde847f563f661c2e641d43d3450d0242bf068c5048a4d14fba40dcfaded6d8

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6

SRPM
rh-mysql57-mysql-5.7.20-1.el6.src.rpm	SHA-256: 6f858c84288d2a2c7f97693354afa6244ae48b94db4eff76716deaaf51f20217
x86_64
rh-mysql57-mysql-5.7.20-1.el6.x86_64.rpm	SHA-256: c9b123516e8fc26b0f8535a717df7554ff9a1a21b1a30d3a1168f302e4002f34
rh-mysql57-mysql-common-5.7.20-1.el6.x86_64.rpm	SHA-256: 0a7a72e20bd5713d6abfec0996918625942eabdd72c199081b211511c4c1bc01
rh-mysql57-mysql-config-5.7.20-1.el6.x86_64.rpm	SHA-256: 90fefde90ad9d72929c77f67ce95f7d3c7e5f9683ad856db2d5bf5c7699a3d5e
rh-mysql57-mysql-debuginfo-5.7.20-1.el6.x86_64.rpm	SHA-256: 6e380d9d595c74af0ebb47441be9a1a0704c3a47bc958634d22b380129912deb
rh-mysql57-mysql-devel-5.7.20-1.el6.x86_64.rpm	SHA-256: 87b4592bceefe0d01ada68d48fffe22df959492ffb6142476ed43c805ce751a5
rh-mysql57-mysql-errmsg-5.7.20-1.el6.x86_64.rpm	SHA-256: d29f26d9c18090fe7dfd31cbce5f56d2b7ca118fbf26bb1ee4fac703626e5a2b
rh-mysql57-mysql-server-5.7.20-1.el6.x86_64.rpm	SHA-256: b43837a625a2c5b4b7cbc2becb2253d6c1079869d1f35d09a757f70d8ea44306
rh-mysql57-mysql-test-5.7.20-1.el6.x86_64.rpm	SHA-256: baa73bd1e27d2142cd42d7fdd326c06a8a9a304129e6ed80d0f07b321c8ec8ff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories