rh-mysql57-mysql-5.7.21-2.el7.1

Errata ID: AXSA:2018-2637:01

Release date: 
2018/03/29 Thursday - 10:43
Title: 
rh-mysql57-mysql-5.7.21-2.el7.1
Affected channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

MySQL is a multi-user, multi-threaded SQL database server. It consists of the
MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version:
rh-mysql57-mysql (5.7.21). (BZ#1533832)

Security Fix(es):

* mysql: sha256_password authentication DoS via long password (CVE-2018-2696)

* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2565)

* mysql: Server: GIS unspecified vulnerability (CPU Jan 2018) (CVE-2018-2573)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2576)

* mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2583)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2586)

* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2590)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2600)

* mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2640)

* mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2645)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2018) (CVE-2018-2646)

* mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2647)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2665)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2667)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2668)

* mysql: sha256_password authentication DoS via hash with large rounds value
(CVE-2018-2703)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

The CVE-2018-2696 and CVE-2018-2703 issues were discovered by Asianux Product
Security.

CVE-2018-2565
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: InnoDB). Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
4.9 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2573
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: GIS). Supported versions that are affected are 5.6.38 and prior and
5.7.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2576
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9
(Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2583
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Stored Procedure). Supported versions that are affected are 5.6.38 and prior and
5.7.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server.
While the vulnerability is in MySQL Server, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
CVE-2018-2586
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9
(Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2590
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Performance Schema). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2600
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
4.9 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2612
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20
and prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all MySQL Server accessible data and
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVE-2018-2622
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38
and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2640
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2645
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Performance Schema). Supported versions that are affected are 5.6.38 and
prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all MySQL Server
accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2018-2646
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily
exploitable vulnerability allows high privileged attacker with network access
via multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9
(Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2647
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Replication). Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as
well as unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-2665
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2667
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score
4.9 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2668
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Optimizer). Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2696
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server : Security : Privileges). Supported versions that are affected are 5.6.38
and prior and 5.7.20 and prior. Easily exploitable vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-2703
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server : Security : Privileges). Supported versions that are affected are 5.6.38
and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Solution: 

Update packages.

Additional information: 

N/A

Download: 

SRPMS
  1. rh-mysql57-mysql-5.7.21-2.el7.1.src.rpm
    MD5: 9705f630c4fc07fadccd6a9111f535e8
    SHA-256: 63cf714f085e70a2e44fe5db00e15229f194dcf5f4c8bf645958883abfeba49b
    Size: 44.14 MB

Asianux Server 7 for x86_64
  1. rh-mysql57-mysql-5.7.21-2.el7.1.x86_64.rpm
    MD5: d2518be7b62b1105df5d6097002734d2
    SHA-256: 975dc9ae21de8c35087da28aafba3117d6587c3c42700f4a5307fc6848d2fccb
    Size: 8.21 MB
  2. rh-mysql57-mysql-common-5.7.21-2.el7.1.x86_64.rpm
    MD5: 4e3bf0132f5fadcb9861fe7e40f050e0
    SHA-256: b2b198ea4031fcb0baeacaf0cd7a8fb1d84fd5ab87b14055776030833c335d39
    Size: 88.89 kB
  3. rh-mysql57-mysql-config-5.7.21-2.el7.1.x86_64.rpm
    MD5: 8a39da5ee5d63197f6d0177c634bed70
    SHA-256: 5c26514df6f2ad3fd7fef49d7c5aa38de27d48fb836052e4f1049c763cc95e8e
    Size: 60.51 kB
  4. rh-mysql57-mysql-devel-5.7.21-2.el7.1.x86_64.rpm
    MD5: f25ca12b14b4dd5b18520d201adc6adf
    SHA-256: 300e6e92a35408eead7a8b835b82f6ccdbf68eba62d07ad70a4b6b5d478bbb50
    Size: 896.35 kB
  5. rh-mysql57-mysql-errmsg-5.7.21-2.el7.1.x86_64.rpm
    MD5: 0b407677f29c01b5b7a2bad4172602c6
    SHA-256: ca421e877ce5c88ea3dbcae59ab2498e2367661ad5d7efaceb8b65d61bb6b1f7
    Size: 274.44 kB
  6. rh-mysql57-mysql-server-5.7.21-2.el7.1.x86_64.rpm
    MD5: eb96cecfa82d93326e7b4025a1db7aec
    SHA-256: 6327c9c7665429acbdda20cd15ea40959ccffe3aef383da0db216f19ceed8724
    Size: 18.88 MB
  7. rh-mysql57-mysql-test-5.7.21-2.el7.1.x86_64.rpm
    MD5: deb4f5b7b84436561a00e9c53da2672d
    SHA-256: 119b91342bd1266f8908241042c81908295a1077ba27d39be246548b9a06f333
    Size: 15.06 MB