Security flaws in the mysql software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-5396
2014-04-20 00:16:44
——————————————————————————–

Name : community-mysql
Product : Fedora 19
Version : 5.5.37
Release : 1.fc19
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

——————————————————————————–
Update Information:

Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
——————————————————————————–
ChangeLog:

* Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> – 5.5.37-1
– Update to MySQL 5.5.37, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Mon Feb 3 2014 Honza Horak <hhorak@redhat.com> 5.5.36-1
– Update to MySQL 5.5.36, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
* Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 5.5.35-2
Fix for CVE-2014-0001
Resolves: #1059545
– Don’t test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
which now makes mariadb/mysql FTBFS because openssl_1 test fails
Related: #1044565
* Mon Dec 9 2013 Honza Horak <hhorak@redhat.com> 5.5.35-1
– Update to MySQL 5.5.35, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
* Fri Oct 18 2013 Honza Horak <hhorak@redhat.com> 5.5.34-1
– Update to MySQL 5.5.34, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-34.html
* Tue Aug 20 2013 Honza Horak <hhorak@redhat.com> 5.5.33-1
– Update to MySQL 5.5.33, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-33.html
* Tue Aug 20 2013 Honza Horak <hhorak@redhat.com> 5.5.32-12
– Fix multilib header location for arm
* Sat Aug 3 2013 Petr Pisar <ppisar@redhat.com> – 5.5.32-11
– Perl 5.18 rebuild
* Fri Jul 26 2013 Honza Horak <hhorak@redhat.com> 5.5.32-10
– Copy some generated files in order find-debuginfo.sh finds them
Related: #729040
– Fix systemd and perl requirements
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> – 5.5.32-9
– Perl 5.18 rebuild
* Mon Jul 15 2013 Honza Horak <hhorak@redhat.com> 5.5.32-8
– Revert path change to ldconfig, UsrMove is not complete yet
* Wed Jul 10 2013 Honza Horak <hhorak@redhat.com> 5.5.32-7
– Arm support for multilib hacks
* Tue Jul 9 2013 Honza Horak <hhorak@redhat.com> 5.5.32-6
– Use proper path to ldconfig
– Use xz instead of gzip
Resolves: #982387
* Mon Jul 1 2013 Honza Horak <hhorak@redhat.com> 5.5.32-5
– Fix misleading error message when uninstalling built-in plugins
Related: #966645
* Thu Jun 27 2013 Honza Horak <hhorak@redhat.com> 5.5.32-4
– Remove external man pages, upstream fixed man pages license
– Apply fixes found by Coverity static analysis tool
* Fri Jun 14 2013 Honza Horak <hhorak@redhat.com> 5.5.32-3
– Use man pages from 5.5.30, because their license do not
allow us to ship them since 5.5.31
* Fri Jun 7 2013 Honza Horak <hhorak@redhat.com> 5.5.32-1
– Update to MySQL 5.5.32, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-32.html
——————————————————————————–
References:

[ 1 ] Bug #1088133 – CVE-2014-0384 mysql: unspecified vulnerability in MySQL server related to XML subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088133
[ 2 ] Bug #1088134 – CVE-2014-2419 mysql: unspecified vulnerability in MySQL server related to Partition subcomponent
https://bugzilla.redhat.com/show_bug.cgi?id=1088134
[ 3 ] Bug #1088143 – CVE-2014-2430 mysql: unspecified vulnerability in MySQL server related to Performance Schema subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088143
[ 4 ] Bug #1088146 – CVE-2014-2431 mysql: unspecified vulnerability in MySQL server related to Options subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088146
[ 5 ] Bug #1088179 – CVE-2014-2432 mysql: unspecified vulnerability in MySQL server related to Federated subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088179
[ 6 ] Bug #1088190 – CVE-2014-2436 mysql: unspecified vulnerability in MySQL server related to RBR subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088190
[ 7 ] Bug #1088191 – CVE-2014-2438 mysql: unspecified vulnerability in MySQL server related to Replication subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088191
[ 8 ] Bug #1088197 – CVE-2014-2440 mysql: unspecified vulnerability in MySQL Client subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088197
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update community-mysql' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-5369
2014-04-20 00:14:57
——————————————————————————–

Name : community-mysql
Product : Fedora 20
Version : 5.5.37
Release : 1.fc20
URL : http://www.mysql.com
Summary : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

——————————————————————————–
Update Information:

Update to MySQL 5.5.37, for various fixes described at http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
——————————————————————————–
ChangeLog:

* Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> – 5.5.37-1
– Update to MySQL 5.5.37, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-37.html
Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Mon Feb 3 2014 Honza Horak <hhorak@redhat.com> 5.5.36-1
– Update to MySQL 5.5.36, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
* Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 5.5.35-2
Fix for CVE-2014-0001
Resolves: #1059545
– Don’t test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
which now makes mariadb/mysql FTBFS because openssl_1 test fails
Related: #1044565
* Mon Dec 9 2013 Honza Horak <hhorak@redhat.com> 5.5.35-1
– Update to MySQL 5.5.35, for various fixes described at
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
——————————————————————————–
References:

[ 1 ] Bug #1088134 – CVE-2014-2419 mysql: unspecified vulnerability in MySQL server related to Partition subcomponent
https://bugzilla.redhat.com/show_bug.cgi?id=1088134
[ 2 ] Bug #1088146 – CVE-2014-2431 mysql: unspecified vulnerability in MySQL server related to Options subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088146
[ 3 ] Bug #1088190 – CVE-2014-2436 mysql: unspecified vulnerability in MySQL server related to RBR subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088190
[ 4 ] Bug #1088197 – CVE-2014-2440 mysql: unspecified vulnerability in MySQL Client subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088197
[ 5 ] Bug #1088133 – CVE-2014-0384 mysql: unspecified vulnerability in MySQL server related to XML subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088133
[ 6 ] Bug #1088143 – CVE-2014-2430 mysql: unspecified vulnerability in MySQL server related to Performance Schema subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088143
[ 7 ] Bug #1088179 – CVE-2014-2432 mysql: unspecified vulnerability in MySQL server related to Federated subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088179
[ 8 ] Bug #1088191 – CVE-2014-2438 mysql: unspecified vulnerability in MySQL server related to Replication subcomponent (CPU April 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1088191
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update community-mysql' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Marko Stanec
CERT ID: NCERT-REF-2014-04-0007-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/