Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat: 2015:1646-01 Important: rh-mariadb100-mariadb Security Update

red hat
Calendar Grey August 20, 2015
Dist Redhat Esm H88
Enhance the rh-mariadb100-mariadb packages on Red Hat to mitigate several critical security vulnerabilities.
Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152)
This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772)
These updated packages upgrade MariaDB to version MariaDB 10.0.20. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.
All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Topics%20covered

Topics Covered

security advisory security issue Red Hat software update database server

References

https://access.redhat.com/security/cve/CVE-2015-2582 https://access.redhat.com/security/cve/CVE-2015-2611 https://access.redhat.com/security/cve/CVE-2015-2617 https://access.redhat.com/security/cve/CVE-2015-2620 https://access.redhat.com/security/cve/CVE-2015-2639 https://access.redhat.com/security/cve/CVE-2015-2641 https://access.redhat.com/security/cve/CVE-2015-2643 https://access.redhat.com/security/cve/CVE-2015-2648 https://access.redhat.com/security/cve/CVE-2015-2661 https://access.redhat.com/security/cve/CVE-2015-3152 https://access.redhat.com/security/cve/CVE-2015-4737 https://access.redhat.com/security/cve/CVE-2015-4752 https://access.redhat.com/security/cve/CVE-2015-4756 https://access.redhat.com/security/cve/CVE-2015-4757 https://access.redhat.com/security/cve/CVE-2015-4761 https://access.redhat.com/security/cve/CVE-2015-4767 https://access.redhat.com/security/cve/CVE-2015-4769 https://access.redhat.com/security/cve/CVE-2015-4771 https://access.redhat.com/security/cve/CVE-2015-4772 https://access.redhat.com/security/updates/classification/#important https://www.oracle.com/security-alerts/cpujul2015.html https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-0-series/mariadb-10020-release-notes

Package List

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm
x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm
x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2015:1646-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1646.html
Issue date: 2015-08-20

Topic

Updated rh-mariadb100-mariadb packages that fix several security issues arenow available for Red Hat Software Collections 2.Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat software update database server

Relevant Releases Architectures

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Bugs Fixed

1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)

1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)

1244769 - CVE-2015-2611 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)

1244770 - CVE-2015-2617 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)

1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)

1244772 - CVE-2015-2639 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)

1244773 - CVE-2015-2641 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)

1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)

1244776 - CVE-2015-2661 mysql: unspecified vulnerability related to Client (CPU July 2015)

1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)

1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)

1244780 - CVE-2015-4756 mysql: unspecified vulnerability related to Server:InnoDB (CPU July 2015)

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here