[SECURITY] Fedora 20 Update: community-mysql-5.5.37-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Tue Apr 29 05:25:43 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5369
2014-04-20 00:14:57
--------------------------------------------------------------------------------

Name        : community-mysql
Product     : Fedora 20
Version     : 5.5.37
Release     : 1.fc20
URL         : http://www.mysql.com
Summary     : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 17 2014 Honza Horak <hhorak at redhat.com> - 5.5.37-1
- Update to MySQL 5.5.37, for various fixes described at
  http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
  Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
  CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Mon Feb  3 2014 Honza Horak <hhorak at redhat.com> 5.5.36-1
- Update to MySQL 5.5.36, for various fixes described at
  http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
* Thu Jan 30 2014 Honza Horak <hhorak at redhat.com> 5.5.35-2
Fix for CVE-2014-0001
  Resolves: #1059545
- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
  which now makes mariadb/mysql FTBFS because openssl_1 test fails
  Related: #1044565
* Mon Dec  9 2013 Honza Horak <hhorak at redhat.com> 5.5.35-1
- Update to MySQL 5.5.35, for various fixes described at
  http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1088134 - CVE-2014-2419 mysql: unspecified vulnerability in MySQL server related to Partition subcomponent
        https://bugzilla.redhat.com/show_bug.cgi?id=1088134
  [ 2 ] Bug #1088146 - CVE-2014-2431 mysql: unspecified vulnerability in MySQL server related to Options subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088146
  [ 3 ] Bug #1088190 - CVE-2014-2436 mysql: unspecified vulnerability in MySQL server related to RBR subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088190
  [ 4 ] Bug #1088197 - CVE-2014-2440 mysql: unspecified vulnerability in MySQL Client subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088197
  [ 5 ] Bug #1088133 - CVE-2014-0384 mysql: unspecified vulnerability in MySQL server related to XML subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088133
  [ 6 ] Bug #1088143 - CVE-2014-2430 mysql: unspecified vulnerability in MySQL server related to Performance Schema subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088143
  [ 7 ] Bug #1088179 - CVE-2014-2432 mysql: unspecified vulnerability in MySQL server related to Federated subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088179
  [ 8 ] Bug #1088191 - CVE-2014-2438 mysql: unspecified vulnerability in MySQL server related to Replication subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088191
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update community-mysql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list