This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
(CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0437, CVE-2013-5908)
A buffer overflow flaw was found in the way the MySQL command line
client tool (mysql) processed excessively long version strings. If a
user connected to a malicious MySQL server via the mysql client, the
server could use this flaw to crash the mysql client or, potentially,
execute arbitrary code as the user running the mysql client.
This update also fixes the following bug :
- Prior to this update, MySQL did not check whether a
MySQL socket was actually being used by any process
before starting the mysqld service. If a particular
mysqld service did not exit cleanly while a socket was
being used by a process, this socket was considered to
be still in use during the next start-up of this
service, which resulted in a failure to start the
service up. With this update, if a socket exists but is
not used by any process, it is ignored during the mysqld
After installing this update, the MySQL server daemon (mysqld) will be
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5