ESB-2018.3676 - [RedHat] rh-mysql57-mysql: Multiple vulnerabilities 2018-11-27

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3676
                Moderate: rh-mysql57-mysql security update
                             27 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-mysql57-mysql
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Delete Arbitrary Files          -- Existing Account            
                   Read-only Data Access           -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-3284 CVE-2018-3283 CVE-2018-3282
                   CVE-2018-3278 CVE-2018-3277 CVE-2018-3276
                   CVE-2018-3251 CVE-2018-3247 CVE-2018-3200
                   CVE-2018-3187 CVE-2018-3185 CVE-2018-3174
                   CVE-2018-3173 CVE-2018-3171 CVE-2018-3162
                   CVE-2018-3161 CVE-2018-3156 CVE-2018-3155
                   CVE-2018-3144 CVE-2018-3143 CVE-2018-3133
                   CVE-2018-3081 CVE-2018-3077 CVE-2018-3071
                   CVE-2018-3070 CVE-2018-3066 CVE-2018-3065
                   CVE-2018-3064 CVE-2018-3062 CVE-2018-3061
                   CVE-2018-3060 CVE-2018-3058 CVE-2018-3056
                   CVE-2018-3054 CVE-2018-2846 CVE-2018-2839
                   CVE-2018-2819 CVE-2018-2818 CVE-2018-2817
                   CVE-2018-2816 CVE-2018-2813 CVE-2018-2812
                   CVE-2018-2810 CVE-2018-2787 CVE-2018-2786
                   CVE-2018-2784 CVE-2018-2782 CVE-2018-2781
                   CVE-2018-2780 CVE-2018-2779 CVE-2018-2778
                   CVE-2018-2777 CVE-2018-2776 CVE-2018-2775
                   CVE-2018-2773 CVE-2018-2771 CVE-2018-2769
                   CVE-2018-2766 CVE-2018-2762 CVE-2018-2761
                   CVE-2018-2759 CVE-2018-2758 CVE-2018-2755

Reference:         ASB-2018.0258
                   ESB-2018.3604
                   ESB-2018.3327
                   ESB-2018.2812
                   ESB-2018.1227

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:3655

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mysql57-mysql security update
Advisory ID:       RHSA-2018:3655-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3655
Issue date:        2018-11-26
CVE Names:         CVE-2018-2755 CVE-2018-2758 CVE-2018-2759 
                   CVE-2018-2761 CVE-2018-2762 CVE-2018-2766 
                   CVE-2018-2769 CVE-2018-2771 CVE-2018-2773 
                   CVE-2018-2775 CVE-2018-2776 CVE-2018-2777 
                   CVE-2018-2778 CVE-2018-2779 CVE-2018-2780 
                   CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 
                   CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 
                   CVE-2018-2812 CVE-2018-2813 CVE-2018-2816 
                   CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 
                   CVE-2018-2839 CVE-2018-2846 CVE-2018-3054 
                   CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 
                   CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 
                   CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 
                   CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 
                   CVE-2018-3133 CVE-2018-3143 CVE-2018-3144 
                   CVE-2018-3155 CVE-2018-3156 CVE-2018-3161 
                   CVE-2018-3162 CVE-2018-3171 CVE-2018-3173 
                   CVE-2018-3174 CVE-2018-3185 CVE-2018-3187 
                   CVE-2018-3200 CVE-2018-3247 CVE-2018-3251 
                   CVE-2018-3276 CVE-2018-3277 CVE-2018-3278 
                   CVE-2018-3282 CVE-2018-3283 CVE-2018-3284 
=====================================================================

1. Summary:

An update for rh-mysql57-mysql is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
rh-mysql57-mysql (5.7.24). (BZ#1642523, BZ#1643049, BZ#1643060)

Security Fix(es):

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2755)

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities
(CPU Apr 2018) (CVE-2018-2758, CVE-2018-2818)

* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018)
(CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784,
CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)

* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2761)

* mysql: Server: Connection unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2762)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2769)

* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2771)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr
2018) (CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780,
CVE-2018-2781, CVE-2018-2812, CVE-2018-2816)

* mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2776)

* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018)
(CVE-2018-2813, CVE-2018-2817)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2839)

* mysql: Server: Performance Schema unspecified vulnerability (CPU Apr
2018) (CVE-2018-2846)

* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Jul 2018)
(CVE-2018-3054, CVE-2018-3077)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2018) (CVE-2018-3056)

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018)
(CVE-2018-3060, CVE-2018-3064)

* mysql: Server: DML multiple unspecified vulnerabilities (CPU Jul 2018)
(CVE-2018-3061, CVE-2018-3065)

* mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3062)

* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3070)

* mysql: Audit Log unspecified vulnerability (CPU Jul 2018) (CVE-2018-3071)

* mysql: Client programs unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3081)

* mysql: Server: Parser multiple unspecified vulnerabilities (CPU Oct 2018)
(CVE-2018-3133, CVE-2018-3155)

* mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018)
(CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185,
CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)

* mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3144)

* mysql: Server: Partition multiple unspecified vulnerabilities (CPU Oct
2018) (CVE-2018-3161, CVE-2018-3171)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3187)

* mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3247)

* mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3276)

* mysql: Server: RBR unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3278)

* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3282)

* mysql: Server: Logging unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3283)

* mysql: pid file can be created in a world-writeable directory (CPU Apr
2018) (CVE-2018-2773)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3066)

* mysql: Init script calling kill with root privileges using pid from
pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
1568922 - CVE-2018-2758 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
1568923 - CVE-2018-2759 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568925 - CVE-2018-2762 mysql: Server: Connection unspecified vulnerability (CPU Apr 2018)
1568926 - CVE-2018-2766 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568927 - CVE-2018-2769 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Apr 2018)
1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
1568932 - CVE-2018-2773 mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)
1568934 - CVE-2018-2775 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568936 - CVE-2018-2776 mysql: Group Replication GCS unspecified vulnerability (CPU Apr 2018)
1568937 - CVE-2018-2777 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568938 - CVE-2018-2778 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568940 - CVE-2018-2779 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568941 - CVE-2018-2780 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568943 - CVE-2018-2782 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568944 - CVE-2018-2784 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568945 - CVE-2018-2786 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568946 - CVE-2018-2787 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568949 - CVE-2018-2810 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568950 - CVE-2018-2812 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568953 - CVE-2018-2816 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568955 - CVE-2018-2818 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568957 - CVE-2018-2839 mysql: Server: DML unspecified vulnerability (CPU Apr 2018)
1568958 - CVE-2018-2846 mysql: Server: Performance Schema unspecified vulnerability (CPU Apr 2018)
1602354 - CVE-2018-3054 mysql: Server: DDL unspecified vulnerability (CPU Jul 2018)
1602355 - CVE-2018-3056 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)
1602356 - CVE-2018-3058 mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
1602357 - CVE-2018-3060 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
1602359 - CVE-2018-3061 mysql: Server: DML unspecified vulnerability (CPU Jul 2018)
1602360 - CVE-2018-3062 mysql: Server: Memcached unspecified vulnerability (CPU Jul 2018)
1602364 - CVE-2018-3064 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
1602365 - CVE-2018-3065 mysql: Server: DML unspecified vulnerability (CPU Jul 2018)
1602366 - CVE-2018-3066 mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
1602369 - CVE-2018-3070 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018)
1602370 - CVE-2018-3071 mysql: Audit Log unspecified vulnerability (CPU Jul 2018)
1602375 - CVE-2018-3077 mysql: Server: DDL unspecified vulnerability (CPU Jul 2018)
1602424 - CVE-2018-3081 mysql: Client programs unspecified vulnerability (CPU Jul 2018)
1640307 - CVE-2018-3276 mysql: Server: Memcached unspecified vulnerability (CPU Oct 2018)
1640308 - CVE-2018-3200 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640310 - CVE-2018-3284 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640312 - CVE-2018-3173 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640316 - CVE-2018-3162 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640317 - CVE-2018-3247 mysql: Server: Merge unspecified vulnerability (CPU Oct 2018)
1640318 - CVE-2018-3156 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640319 - CVE-2018-3161 mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
1640320 - CVE-2018-3278 mysql: Server: RBR unspecified vulnerability (CPU Oct 2018)
1640321 - CVE-2018-3174 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
1640322 - CVE-2018-3282 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
1640324 - CVE-2018-3187 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2018)
1640325 - CVE-2018-3277 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640326 - CVE-2018-3144 mysql: Server: Security: Audit unspecified vulnerability (CPU Oct 2018)
1640331 - CVE-2018-3133 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
1640332 - CVE-2018-3143 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640333 - CVE-2018-3283 mysql: Server: Logging unspecified vulnerability (CPU Oct 2018)
1640334 - CVE-2018-3171 mysql: Server: Partition unspecified vulnerability (CPU Oct 2018)
1640335 - CVE-2018-3251 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640337 - CVE-2018-3185 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
1640340 - CVE-2018-3155 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mysql57-mysql-5.7.24-2.el6.src.rpm

x86_64:
rh-mysql57-mysql-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-2.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-mysql57-mysql-5.7.24-2.el6.src.rpm

x86_64:
rh-mysql57-mysql-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-2.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mysql57-mysql-5.7.24-2.el6.src.rpm

x86_64:
rh-mysql57-mysql-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-2.el6.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-2.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

aarch64:
rh-mysql57-mysql-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.aarch64.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

aarch64:
rh-mysql57-mysql-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.aarch64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.aarch64.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

ppc64le:
rh-mysql57-mysql-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.ppc64le.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.ppc64le.rpm

s390x:
rh-mysql57-mysql-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.s390x.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.s390x.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mysql57-mysql-5.7.24-1.el7.src.rpm

x86_64:
rh-mysql57-mysql-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-common-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-config-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-debuginfo-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-devel-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-errmsg-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-server-5.7.24-1.el7.x86_64.rpm
rh-mysql57-mysql-test-5.7.24-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-2755
https://access.redhat.com/security/cve/CVE-2018-2758
https://access.redhat.com/security/cve/CVE-2018-2759
https://access.redhat.com/security/cve/CVE-2018-2761
https://access.redhat.com/security/cve/CVE-2018-2762
https://access.redhat.com/security/cve/CVE-2018-2766
https://access.redhat.com/security/cve/CVE-2018-2769
https://access.redhat.com/security/cve/CVE-2018-2771
https://access.redhat.com/security/cve/CVE-2018-2773
https://access.redhat.com/security/cve/CVE-2018-2775
https://access.redhat.com/security/cve/CVE-2018-2776
https://access.redhat.com/security/cve/CVE-2018-2777
https://access.redhat.com/security/cve/CVE-2018-2778
https://access.redhat.com/security/cve/CVE-2018-2779
https://access.redhat.com/security/cve/CVE-2018-2780
https://access.redhat.com/security/cve/CVE-2018-2781
https://access.redhat.com/security/cve/CVE-2018-2782
https://access.redhat.com/security/cve/CVE-2018-2784
https://access.redhat.com/security/cve/CVE-2018-2786
https://access.redhat.com/security/cve/CVE-2018-2787
https://access.redhat.com/security/cve/CVE-2018-2810
https://access.redhat.com/security/cve/CVE-2018-2812
https://access.redhat.com/security/cve/CVE-2018-2813
https://access.redhat.com/security/cve/CVE-2018-2816
https://access.redhat.com/security/cve/CVE-2018-2817
https://access.redhat.com/security/cve/CVE-2018-2818
https://access.redhat.com/security/cve/CVE-2018-2819
https://access.redhat.com/security/cve/CVE-2018-2839
https://access.redhat.com/security/cve/CVE-2018-2846
https://access.redhat.com/security/cve/CVE-2018-3054
https://access.redhat.com/security/cve/CVE-2018-3056
https://access.redhat.com/security/cve/CVE-2018-3058
https://access.redhat.com/security/cve/CVE-2018-3060
https://access.redhat.com/security/cve/CVE-2018-3061
https://access.redhat.com/security/cve/CVE-2018-3062
https://access.redhat.com/security/cve/CVE-2018-3064
https://access.redhat.com/security/cve/CVE-2018-3065
https://access.redhat.com/security/cve/CVE-2018-3066
https://access.redhat.com/security/cve/CVE-2018-3070
https://access.redhat.com/security/cve/CVE-2018-3071
https://access.redhat.com/security/cve/CVE-2018-3077
https://access.redhat.com/security/cve/CVE-2018-3081
https://access.redhat.com/security/cve/CVE-2018-3133
https://access.redhat.com/security/cve/CVE-2018-3143
https://access.redhat.com/security/cve/CVE-2018-3144
https://access.redhat.com/security/cve/CVE-2018-3155
https://access.redhat.com/security/cve/CVE-2018-3156
https://access.redhat.com/security/cve/CVE-2018-3161
https://access.redhat.com/security/cve/CVE-2018-3162
https://access.redhat.com/security/cve/CVE-2018-3171
https://access.redhat.com/security/cve/CVE-2018-3173
https://access.redhat.com/security/cve/CVE-2018-3174
https://access.redhat.com/security/cve/CVE-2018-3185
https://access.redhat.com/security/cve/CVE-2018-3187
https://access.redhat.com/security/cve/CVE-2018-3200
https://access.redhat.com/security/cve/CVE-2018-3247
https://access.redhat.com/security/cve/CVE-2018-3251
https://access.redhat.com/security/cve/CVE-2018-3276
https://access.redhat.com/security/cve/CVE-2018-3277
https://access.redhat.com/security/cve/CVE-2018-3278
https://access.redhat.com/security/cve/CVE-2018-3282
https://access.redhat.com/security/cve/CVE-2018-3283
https://access.redhat.com/security/cve/CVE-2018-3284
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW/vnxNzjgjWX9erEAQh0Qg/8C8GdKebM8cf+hxo+q2/UD6487k30zWqK
s1XAnqUdaEa1tlQ7gg4M67bquHyOrBvAN58HfO30+XHks6osTJn1GjghRsBcrxR8
4tnXwk3EX1qT1eBZW/dYgg2ZgyJrBVTlIWNs/WHJAbM6eb9nTcUiaAMvVn7TgIN7
OD6F3laYtAg8lJsXHoBILwuAXojkjELerumoW7jWeLtZU5aQFn9pFqsOfWQ1xMG1
IuGom5P/aBZg6Bls3gKTpR/iNtqYD3+dQyq3+x1Px2hrXiYIP10MZ2mlZwnFGnHc
JZKA02dBT0DvDt1oPSDVCtiKZHAefvTMJFPnlUaYvf0xDu4ZKK2XSgvLs87AIIbk
nsbXnHDv+1H3LWKpkkovxgjpPTZDvkVmoWvPuTYXVHwViPWhFEA+UwyCKfrvbrzX
vLlT8+IwDwIr5EgR8jAscOpvyIc7PEsgbK0zZa1CqsjkkPncY8AOyloFuUhGwW+O
EYzJGzcX2h4DcQHco3qNwCzgGTbaQYzZGfhfViLttxR9QPdAPn7D0bJRXMURaB2M
vVgSM5sYFO3rnMxRIJhmOWA8mxym3+PBW1oB0fXJPWizPix8xaMoPheDq1h3Z5xn
tkuDgjof1Fm/WqCfsBp1U54rbSthPuZt1qxCogBH8zamjXaS8ueEJBWlwKpyYLwq
eE7rE8XztHo=
=MbCN
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW/y3/WaOgq3Tt24GAQhXaRAAx6A9jPo0/W0qdLe5j+TPvg+f10pdMxuI
DjOP1unUvLbefbnGJSAF2uIr4SPd6SxO/qHr6DKAgSjQkYxEVeOmc9UxCs0Xt1WZ
gDW6aD6DXKQ3XagsP6Bn5+r+hwRrHxrRyW2aI19n+4zktBWJZ4Yliq7zoG0+5E4q
Rv8nmxCjLpM1GOgBccymgpgKG8kHctpVRuMmNRu4v0pKqm9V4Ol5tjLQuKwg1uTN
xH/gBKs0fcOLzl93p5EdFwG8Rw6aeecYfmAjDN7ix/BlQaeuqqPjuTBZiNBGn0mi
Xm/4ea1lY91lN8keLsf9CsYofaaUyxdsU8IsLJutmdM9v2RecC7fWEFYhtYcqCqf
yqxyyq79ZQaaoDJEin/YflBSSaK/60xhrLXCJnVJekv5muJTH+Fb/J2PG+2YJ/v+
mN2CYwqNGAk+J57zy9OaDWtNR6iATpJtM1n2lVCiD6xWuCTyyh4MRYTCV/I/pR26
5dDp2+B/HNQuazBZi9PiOzeoy4/h5mHFm9CsBlmrntAEAJTFMCJtrEiIQD2hiAvm
MV9ifJU5Lt2/N3k1doB5CRrlDTu3TGWBrdV3KMGjd1rzBlU9D0urR2y8RKngLJt4
0oj059cDncIgNAxwS7y22PEENDFf0maKgyFrFc7zqN41BRTm8plnBESiZgwaJw+T
aMR6SjbiOYw=
=q9Jw
-----END PGP SIGNATURE-----

« Back to bulletins