openSUSE OPENSUSE-SU-2018:0223-1
Jan 26, 2018 - 12:07 a.m.

Security update for mysql-community-server (important)

2018-01-26 00:07:55
lists.opensuse.org

EPSS: 0.946 (High), percentile 99.3%

This update for mysql-community-server to version 5.6.39 fixes several
issues.

These security issues were fixed:

  • CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily
    exploitable vulnerability allowed low privileged attacker with network
    access via multiple protocols to compromise MySQL Server. Successful
    attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL
    Server (bsc#1076369).
  • CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition.
    Easily exploitable vulnerability allowed low privileged attacker with
    network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MySQL Server as well as unauthorized update, insert or delete access to
    some of MySQL Server accessible data (bsc#1076369).
  • CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer.
    Easily exploitable vulnerability allowed low privileged attacker with
    network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MySQL Server (bsc#1076369).
  • CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer.
    Supported versions that are affected are 5.5.58 and prior, 5.6.38 and
    prior and 5.7.20 and prior. Easily exploitable vulnerability allowed low
    privileged attacker with network access via multiple protocols to
    compromise MySQL Server. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer.
    Easily exploitable vulnerability allowed low privileged attacker with
    network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MySQL Server (bsc#1076369).
  • CVE-2018-2696: Vulnerability in the subcomponent: Server : Security :
    Privileges. Supported versions that are affected are 5.6.38 and prior
    and 5.7.20 and prior. Easily exploitable vulnerability allowed
    unauthenticated attacker with network access via multiple protocols to
    compromise MySQL Server. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure.
    Easily exploitable vulnerability allowed high privileged attacker with
    network access via multiple protocols to compromise MySQL Server. While
    the vulnerability is in MySQL Server, attacks may significantly impact
    additional products. Successful attacks of this vulnerability can result
    in unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily
    exploitable vulnerability allowed high privileged attacker with network
    access via multiple protocols to compromise MySQL Server. Successful
    attacks of this vulnerability can result in unauthorized creation,
    deletion or modification access to critical data or all MySQL Server
    accessible data and unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2703: Vulnerability in the subcomponent: Server : Security :
    Privileges. Easily exploitable vulnerability allowed low privileged
    attacker with network access via multiple protocols to compromise MySQL
    Server. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily
    exploitable vulnerability allowed low privileged attacker with network
    access via multiple protocols to compromise MySQL Server. Successful
    attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL
    Server (bsc#1076369).
  • CVE-2017-3737: OpenSSL introduced an "error state" mechanism. The intent
    was that if a fatal error occurred during a handshake then OpenSSL would
    move into the error state and would immediately fail if you attempted to
    continue the handshake. This works as designed for the explicit
    handshake functions (SSL_do_handshake(), SSL_accept() and
    SSL_connect()), however due to a bug it did not work correctly if
    SSL_read() or SSL_write() is called directly. In that scenario, if the
    handshake fails then a fatal error will be returned in the initial
    function call. If SSL_read()/SSL_write() is subsequently called by the
    application for the same SSL object then it will succeed and the data is
    passed without being decrypted/encrypted directly from the SSL/TLS
    record layer. In order to exploit this issue an application bug would
    have to be present that resulted in a call to SSL_read()/SSL_write()
    being issued after having already received a fatal error.
  • CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication.
    Easily exploitable vulnerability allowed high privileged attacker with
    network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MySQL Server as well as unauthorized update, insert or delete access to
    some of MySQL Server accessible data (bsc#1076369).
  • CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition.
    Easily exploitable vulnerability allowed high privileged attacker with
    network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MySQL Server (bsc#1076369).
  • CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance
    Schema. Easily exploitable vulnerability allowed high privileged
    attacker with network access via multiple protocols to compromise MySQL
    Server. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of MySQL Server (bsc#1076369).
  • CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance
    Schema. Easily exploitable vulnerability allowed high privileged
    attacker with network access via multiple protocols to compromise MySQL
    Server. Successful attacks of this vulnerability can result in
    unauthorized access to critical data or complete access to all MySQL
    Server accessible data (bsc#1076369).

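A defender's first question for an advisory like this is whether the installed server falls inside the affected ranges. The following script is an added example, not part of the openSUSE advisory: it takes the branch cut-offs quoted in the CVE-2018-2665 and CVE-2018-2696 entries (5.5.58, 5.6.38 and 5.7.20 and prior) and the fixed package version 5.6.39, parses a `mysqld --version` line, and reports whether that version is affected. The sample output line is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a MySQL Community Server
# version against the affected ranges listed in OPENSUSE-SU-2018:0223-1.

# Compare two dotted versions numerically; prints -1, 0 or 1.
# Non-numeric trailers in a component (e.g. "39-lp150") are ignored.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a='' || a=${a#*.}
        [ "$b" = "$y" ] && b='' || b=${b#*.}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Exit 0 if VERSION is within an affected range from the advisory,
# 1 if it is at or past the cut-off, 2 if the branch is not covered here.
# A package release suffix ("5.6.39-lp150.1") is stripped first.
mysql_affected() {
    v=${1%%-*}
    case $v in
        5.5.*) cutoff=5.5.58 ;;   # "5.5.58 and prior" (CVE-2018-2665)
        5.6.*) cutoff=5.6.38 ;;   # "5.6.38 and prior"; fixed in 5.6.39
        5.7.*) cutoff=5.7.20 ;;   # "5.7.20 and prior"
        *) return 2 ;;            # branch not listed in this advisory
    esac
    [ "$(vercmp "$v" "$cutoff")" -le 0 ]
}

# Pull the version token out of "mysqld --version" style output.
mysqld_version_from() {
    printf '%s\n' "$1" | sed -n 's/.*Ver \([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample line in the format "mysqld --version" prints.
SAMPLE='mysqld  Ver 5.6.38 for Linux on x86_64 (MySQL Community Server (GPL))'
ver=$(mysqld_version_from "$SAMPLE")
if mysql_affected "$ver"; then
    echo "$ver is affected by OPENSUSE-SU-2018:0223-1; update to 5.6.39 or later"
else
    echo "$ver is not in the affected ranges listed by this advisory"
fi
```

On a live host, replace the constructed SAMPLE with `$(mysqld --version)` or the version reported by `rpm -q mysql-community-server`.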
For additional details please see
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html