Medium: mysql51

Issue Overview:

This update fixes several vulnerabilities in the MySQL database server. (CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client tool (mysql) processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client. (CVE-2014-0001)

Affected Packages:

mysql51

Issue Correction:
Run yum update mysql51 to update your system.

New Packages:

i686:  
    mysql51-embedded-5.1.73-3.68.amzn1.i686  
    mysql51-common-5.1.73-3.68.amzn1.i686  
    mysql51-5.1.73-3.68.amzn1.i686  
    mysql51-devel-5.1.73-3.68.amzn1.i686  
    mysql51-server-5.1.73-3.68.amzn1.i686  
    mysql51-bench-5.1.73-3.68.amzn1.i686  
    mysql51-debuginfo-5.1.73-3.68.amzn1.i686  
    mysql51-test-5.1.73-3.68.amzn1.i686  
    mysql51-embedded-devel-5.1.73-3.68.amzn1.i686  
    mysql51-libs-5.1.73-3.68.amzn1.i686  
  
src:  
    mysql51-5.1.73-3.68.amzn1.src  
  
x86_64:  
    mysql51-server-5.1.73-3.68.amzn1.x86_64  
    mysql51-libs-5.1.73-3.68.amzn1.x86_64  
    mysql51-test-5.1.73-3.68.amzn1.x86_64  
    mysql51-debuginfo-5.1.73-3.68.amzn1.x86_64  
    mysql51-embedded-devel-5.1.73-3.68.amzn1.x86_64  
    mysql51-embedded-5.1.73-3.68.amzn1.x86_64  
    mysql51-bench-5.1.73-3.68.amzn1.x86_64  
    mysql51-devel-5.1.73-3.68.amzn1.x86_64  
    mysql51-common-5.1.73-3.68.amzn1.x86_64  
    mysql51-5.1.73-3.68.amzn1.x86_64  

Additional References

Red Hat: CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437

Mitre: CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437