Fedora 26: mariadb Security Update 2018-d955395c08
Summary
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.
**Update to 10.1.33** . **Release notes:**
https://mariadb.com/kb/en/mariadb-10133-release-notes/ **CVEs fixed:**
CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819
* Thu May 10 2018 Michal Schorm
- Rebase to 10.1.33
* Thu Mar 29 2018 Michal Schorm
- Move my_print_defaults from client to server to not collide with community-mysql package
- Support --defaults-group-suffix properly in systemd unit file
Resolves: #1485777 #1540109
* Thu Mar 29 2018 Michal Schorm
- Rebase to 10.1.32
* Thu Jan 25 2018 Michal Schorm
- Rebase to 10.1.31
* Thu Jan 25 2018 Michal Schorm
- Use downstream tmpfiles instead of the upstream one
Related: #1538066
* Tue Jan 9 2018 Michal Schorm
- Fix cmake arguments (blocked debug builds)
- Fix loading of skipped tests files (omitted ppc list)
* Sat Dec 23 2017 Michal Schorm
- Rebase to 10.1.30
* Tue Nov 21 2017 Michal Schorm
- Rebase to 10.1.29
* Wed Oct 4 2017 Michal Schorm
- Rebase to 10.1.28
* Mon Aug 14 2017 Honza Horak
- Backport openssl 1.1 support from MariaDB 10.2
* Mon Aug 14 2017 Honza Horak
- Upgrade to 10.1.26
* Mon Jul 10 2017 Michal Schorm
- Disable DTrace
- Remove mysql-wait-* scripts. They aren't needed when using systemd "Type=notify"
* Mon Jul 10 2017 Michal Schorm
- Rebase to 10.1.25
- Disable plugins 'cracklib' and 'gssapi' by default
- Related: #1468028, #1464070
- Looks like the testsuite removes its 'var' content correctly,
no need to do that explicitly.
* Fri Jul 7 2017 Igor Gnatenko
- Rebuild due to bug in RPM (RHBZ #1468476)
* Mon Jun 19 2017 Michal Schorm
- Use "/run" location instead of "/var/run" symlink
- Related: #1455811
- Remove AppArmor files
* Fri Jun 9 2017 Honza Horak
- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
- Resolves: #1458940
- Check properly that datadir includes only expected files
- Related: #1356897
* Wed Jun 7 2017 Michal Schorm
- Fixed incorrect Jemalloc initialization; #1459671
* Fri Jun 2 2017 Michal Schorm
- Rebase to 10.1.24
- Build dependecies Bison and Libarchive added, others corrected
- Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB
- Removed patches: (fixed by upstream)
Patch5: mariadb-file-contents.patch
Patch14: mariadb-example-config-files.patch
Patch31: mariadb-string-overflow.patch
Patch32: mariadb-basedir.patch
Patch41: mariadb-galera-new-cluster-help.patch
- Resolves: rhbz#1414387
CVE-2017-3313
- Resolves partly: rhbz#1443408
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
* Tue May 23 2017 Michal Schorm
- Plugin oqgraph enabled
- Plugin jemalloc enabled
- 'force' option for 'rm' removed
- Enabled '--big-test' option for the testsuite
- Disabled '--skip-rpl' option for the testsuite = replication tests enabled
- Multilib manpage added
[ 1 ] Bug #1568964 - CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-26]
https://bugzilla.redhat.com/show_bug.cgi?id=1568964
su -c 'dnf upgrade --advisory FEDORA-2018-d955395c08' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/
FEDORA-2018-d955395c08 2018-05-22 14:28:36.839341 Product : Fedora 26 Version : 10.1.33 Release : 1.fc26 URL : http://mariadb.org Summary : A community developed branch of MySQL Description : MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. **Update to 10.1.33** . **Release notes:** https://mariadb.com/kb/en/mariadb-10133-release-notes/ **CVEs fixed:** CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 * Thu May 10 2018 Michal Schorm - 3:10.1.33-1 - Rebase to 10.1.33 * Thu Mar 29 2018 Michal Schorm - 3:10.1.32-2 - Move my_print_defaults from client to server to not collide with community-mysql package - Support --defaults-group-suffix properly in systemd unit file Resolves: #1485777 #1540109 * Thu Mar 29 2018 Michal Schorm - 3:10.1.32-1 - Rebase to 10.1.32 * Thu Jan 25 2018 Michal Schorm - 3:10.1.31-1 - Rebase to 10.1.31 * Thu Jan 25 2018 Michal Schorm - 3:10.1.30-2 - Use downstream tmpfiles instead of the upstream one Related: #1538066 * Tue Jan 9 2018 Michal Schorm - 3:10.1.30-1 - Fix cmake arguments (blocked debug builds) - Fix loading of skipped tests files (omitted ppc list) * Sat Dec 23 2017 Michal Schorm - 3:10.1.30-1 - Rebase to 10.1.30 * Tue Nov 21 2017 Michal Schorm - 3:10.1.29-1 - Rebase to 10.1.29 * Wed Oct 4 2017 Michal Schorm - 3:10.1.28-1 - Rebase to 10.1.28 * Mon Aug 14 2017 Honza Horak - 3:10.1.26-2 - Backport openssl 1.1 support from MariaDB 10.2 * Mon Aug 14 2017 Honza Horak - 3:10.1.26-1 - Upgrade to 10.1.26 * Mon Jul 10 2017 Michal Schorm - 3:10.1.25-2 - Disable DTrace - Remove mysql-wait-* scripts. They aren't needed when using systemd "Type=notify" * Mon Jul 10 2017 Michal Schorm - 3:10.1.25-1 - Rebase to 10.1.25 - Disable plugins 'cracklib' and 'gssapi' by default - Related: #1468028, #1464070 - Looks like the testsuite removes its 'var' content correctly, no need to do that explicitly. * Fri Jul 7 2017 Igor Gnatenko - 3:10.1.24-5 - Rebuild due to bug in RPM (RHBZ #1468476) * Mon Jun 19 2017 Michal Schorm - 3:10.1.24-4 - Use "/run" location instead of "/var/run" symlink - Related: #1455811 - Remove AppArmor files * Fri Jun 9 2017 Honza Horak - 3:10.1.24-3 - Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265 - Resolves: #1458940 - Check properly that datadir includes only expected files - Related: #1356897 * Wed Jun 7 2017 Michal Schorm - 3:10.1.24-2 - Fixed incorrect Jemalloc initialization; #1459671 * Fri Jun 2 2017 Michal Schorm - 3:10.1.24-1 - Rebase to 10.1.24 - Build dependecies Bison and Libarchive added, others corrected - Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB - Removed patches: (fixed by upstream) Patch5: mariadb-file-contents.patch Patch14: mariadb-example-config-files.patch Patch31: mariadb-string-overflow.patch Patch32: mariadb-basedir.patch Patch41: mariadb-galera-new-cluster-help.patch - Resolves: rhbz#1414387 CVE-2017-3313 - Resolves partly: rhbz#1443408 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 * Tue May 23 2017 Michal Schorm - 3:10.1.21-6 - Plugin oqgraph enabled - Plugin jemalloc enabled - 'force' option for 'rm' removed - Enabled '--big-test' option for the testsuite - Disabled '--skip-rpl' option for the testsuite = replication tests enabled - Multilib manpage added [ 1 ] Bug #1568964 - CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-26] https://bugzilla.redhat.com/show_bug.cgi?id=1568964 su -c 'dnf upgrade --advisory FEDORA-2018-d955395c08' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/
Change Log
References
Update Instructions
