Fedora 26: FEDORA-2018-d955395c08 Critical: MariaDB Security Issue

MariaDB is a community developed branch of MySQL.

MariaDB is a multi-user, multi-threaded SQL database server.

It is a client/server implementation consisting of a server daemon (mysqld)

and many different client programs and libraries. The base package

contains the standard MariaDB/MySQL client programs and generic MySQL files.

**Update to 10.1.33** . **Release notes:**

https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-1-series/mariadb-10133-release-notes **CVEs fixed:**

CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781

CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817

CVE-2018-2819

* Thu May 10 2018 Michal Schorm - 3:10.1.33-1

- Rebase to 10.1.33

* Thu Mar 29 2018 Michal Schorm - 3:10.1.32-2

- Move my_print_defaults from client to server to not collide with community-mysql package

- Support --defaults-group-suffix properly in systemd unit file

Resolves: #1485777 #1540109

* Thu Mar 29 2018 Michal Schorm - 3:10.1.32-1

- Rebase to 10.1.32

* Thu Jan 25 2018 Michal Schorm - 3:10.1.31-1

- Rebase to 10.1.31

* Thu Jan 25 2018 Michal Schorm - 3:10.1.30-2

- Use downstream tmpfiles instead of the upstream one

Related: #1538066

* Tue Jan 9 2018 Michal Schorm - 3:10.1.30-1

- Fix cmake arguments (blocked debug builds)

- Fix loading of skipped tests files (omitted ppc list)

* Sat Dec 23 2017 Michal Schorm - 3:10.1.30-1

- Rebase to 10.1.30

* Tue Nov 21 2017 Michal Schorm - 3:10.1.29-1

- Rebase to 10.1.29

* Wed Oct 4 2017 Michal Schorm - 3:10.1.28-1

- Rebase to 10.1.28

* Mon Aug 14 2017 Honza Horak - 3:10.1.26-2

- Backport openssl 1.1 support from MariaDB 10.2

* Mon Aug 14 2017 Honza Horak - 3:10.1.26-1

- Upgrade to 10.1.26

* Mon Jul 10 2017 Michal Schorm - 3:10.1.25-2

- Disable DTrace

- Remove mysql-wait-* scripts. They aren't needed when using systemd "Type=notify"

* Mon Jul 10 2017 Michal Schorm - 3:10.1.25-1

- Rebase to 10.1.25

- Disable plugins 'cracklib' and 'gssapi' by default

- Related: #1468028, #1464070

- Looks like the testsuite removes its 'var' content correctly,

no need to do that explicitly.

* Fri Jul 7 2017 Igor Gnatenko - 3:10.1.24-5

- Rebuild due to bug in RPM (RHBZ #1468476)

* Mon Jun 19 2017 Michal Schorm - 3:10.1.24-4

- Use "/run" location instead of "/var/run" symlink

- Related: #1455811

- Remove AppArmor files

* Fri Jun 9 2017 Honza Horak - 3:10.1.24-3

- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265

- Resolves: #1458940

- Check properly that datadir includes only expected files

- Related: #1356897

* Wed Jun 7 2017 Michal Schorm - 3:10.1.24-2

- Fixed incorrect Jemalloc initialization; #1459671

* Fri Jun 2 2017 Michal Schorm - 3:10.1.24-1

- Rebase to 10.1.24

- Build dependecies Bison and Libarchive added, others corrected

- Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB

- Removed patches: (fixed by upstream)

Patch5: mariadb-file-contents.patch

Patch14: mariadb-example-config-files.patch

Patch31: mariadb-string-overflow.patch

Patch32: mariadb-basedir.patch

Patch41: mariadb-galera-new-cluster-help.patch

- Resolves: rhbz#1414387

CVE-2017-3313

- Resolves partly: rhbz#1443408

CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464

* Tue May 23 2017 Michal Schorm - 3:10.1.21-6

- Plugin oqgraph enabled

- Plugin jemalloc enabled

- 'force' option for 'rm' removed

- Enabled '--big-test' option for the testsuite

- Disabled '--skip-rpl' option for the testsuite = replication tests enabled

- Multilib manpage added

[ 1 ] Bug #1568964 - CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-26]

https://bugzilla.redhat.com/show_bug.cgi?id=1568964

su -c 'dnf upgrade --advisory FEDORA-2018-d955395c08' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/