Fedora 24: Updated MariaDB Security Advisory for Multiple Threats

MariaDB is a community developed branch of MySQL.

MariaDB is a multi-user, multi-threaded SQL database server.

It is a client/server implementation consisting of a server daemon (mysqld)

and many different client programs and libraries. The base package

contains the standard MariaDB/MySQL client programs and generic MySQL files.

**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled

Sphinx engine enabled Build dependecies Bison and Libarchive added, others

corrected Disabling Mroonga engine for i686 architecture, as it is not

supported by MariaDB **Removed patches: (fixed by upstream)** Patch5:

%{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32:

%{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308 CVE-2017-3309

CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 **Testsuite** Enabled

'--big-test' option for the testsuite Disabled '--skip-rpl' option for the

testsuite = replication tests enabled **Warning** Some Spider tests

started to fail, the engine can be probabbly unsafe now. **Aditional bugs

solved:** #1459671: mariadb fails to start with tokudb; jemalloc not

correctly enabled ---- **Rebase to 10.1.24** Plugin oqgraph enabled

Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison

and Libarchive added, others corrected Disabling Mroonga engine for i686

architecture, as it is not supported by MariaDB **Removed patches: (fixed by

upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14:

%{pkgnamepatch}-example-config-files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch Patch41:

%{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313

CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456

CVE-2017-3464 **Testsuite** Enabled '--big-test' option for the testsuite

Disabled '--skip-rpl' option for the testsuite = replication tests enabled

**Warning** Some Spider tests started to fail, the engine can be probabbly

unsafe now. **Aditional bugs solved:** #1459671: mariadb fails to start

with tokudb; jemalloc not correctly enabled ---- **Rebase to 10.1.24**

Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled

Build dependecies Bison and Libarchive added, others corrected Disabling

Mroonga engine for i686 architecture, as it is not supported by MariaDB

**Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch

Patch31: %{pkgnamepatch}-string-overflow.patch Patch32:

%{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308

CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464

**Testsuite** Enabled '--big-test' option for the testsuite Disabled

'--skip-rpl' option for the testsuite = replication tests enabled **Warning**

Some Spider tests started to fail, the engine can be probabbly unsafe now.

[ 1 ] Bug #1414387 - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 mariadb: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1414387

[ 2 ] Bug #1459671 - mariadb fails to start with tokudb; jemalloc not correctly enabled

https://bugzilla.redhat.com/show_bug.cgi?id=1459671

su -c 'dnf upgrade mariadb' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org