Red Hat OpenStack 8.0 RHSA-2016-2077-01 Important Fix for mariadb-galera
red hat
October 18, 2016
An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 (Liberty)
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.
Summary
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. Galera is a synchronous multi-master cluster for
MariaDB.
Security Fix(es):
* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database
user with FILE privileges, could possibly use this flaw to run arbitrary
commands with root privileges on the system running the database server.
(CVE-2016-6662)
Bug Fix(es):
* Previously, both the mariadb-server and mariadb-galera-server packages
shipped the client-facing libraries, dialog.so and mysql_clear_password.so.
As a result, the mariadb-galera-server package would fail to install
because of package conflicts. With this update, these libraries have been
moved from mariadb-galera-server to mariadb-libs, and the
mariadb-galera-server package installs successfully. (BZ#1376905)
* Because Red Hat Enterprise Linux 7.3 changed the return format of the
"systemctl is-enabled" command as consumed by shell scripts, the
mariadb-galera RPM package, upon installation, erroneously detected that
the MariaDB service was enabled when it was not. As a result, the Red Hat
OpenStack Platform installer, which then tried to run mariadb-galera using
Pacemaker and not systemd, failed to start Galera. With this update,
mariadb-galera's RPM installation scripts now use a different systemctl
command, correctly detecting the default MariaDB as disabled, and the
installer can succeed. (BZ#1376913)
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2016-6662 https://access.redhat.com/security/updates/classification#important
Package List
Red Hat OpenStack Platform 8.0 (Liberty):
Source:
mariadb-galera-5.5.42-5.el7ost.src.rpm
x86_64:
mariadb-galera-common-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-debuginfo-5.5.42-5.el7ost.x86_64.rpm
mariadb-galera-server-5.5.42-5.el7ost.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2016:2077-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2077.html
Issue date: 2016-10-18
Topic
An update for mariadb-galera is now available for Red Hat OpenStackPlatform 8.0 (Liberty).Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Red Hat OpenStack Platform 8.0 (Liberty) - x86_64
Bugs Fixed
1375198 - CVE-2016-6662 mysql: general_log can write to configuration files, leading to privilege escalation
1376905 - RHEL 7.3 upgrades fails on upgrade because of mariadb-libs package conflict.
1376913 - mysqld service prevents haproxy to get started and deployment fails
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!