-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update
Advisory ID:       RHSA-2018:0574-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0574
Issue date:        2018-03-21
CVE Names:         CVE-2016-5617 CVE-2016-6664 CVE-2017-3238 
                   CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 
                   CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 
                   CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 
                   CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 
                   CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 
                   CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 
                   CVE-2017-3653 CVE-2017-10268 CVE-2017-10286 
                   CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 
====================================================================
1. Summary:

An update for rh-mariadb101-mariadb and rh-mariadb101-galera is now
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version:
rh-mariadb101-mariadb (10.1.29). (BZ#1463417, BZ#1517327)

Security Fix(es):

* mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
(CVE-2016-5617, CVE-2016-6664)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3238)

* mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3243)

* mysql: Server: DML unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3244)

* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3257)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3258)

* mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
(CVE-2017-3265)

* mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) (CVE-2017-3291)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3308)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3309)

* mysql: insecure error log file handling in mysqld_safe, incomplete
CVE-2016-6664 fix (CPU Jan 2017) (CVE-2017-3312)

* mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3313)

* mysql: Logging unspecified vulnerability (CPU Jan 2017) (CVE-2017-3317)

* mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)
(CVE-2017-3318)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3453)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3456)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
(CVE-2017-3464)

* mysql: Client programs unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3636)

* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3641)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10268)

* mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10286)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10378)

* mysql: Client programs unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10379)

* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10384)

* mysql: prepared statement handle use-after-free after disconnect
(CVE-2017-3302)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3653)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Bug Fix(es):

* Previously, a syntax error in the Galera Arbitrator SysV init script
prevented the garbd daemon from being started when the SysV init script was
used. With this update, the definition of the main daemon binary in the
SysV init script has been fixed, and the described problem no longer
occurs. (BZ#1466473)

* Prior to this update, the scl macros were not set for the
rh-mariadb101-mariadb@.service file, which consequently made the service
file unusable. This bug has been fixed, and rh-mariadb101-mariadb@.service
now works as expected. (BZ#1485995)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1386564 - CVE-2016-6664 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)
1414133 - CVE-2017-3312 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)
1414338 - CVE-2017-3238 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)
1414340 - CVE-2017-3243 mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017)
1414342 - CVE-2017-3244 mysql: Server: DML unspecified vulnerability (CPU Jan 2017)
1414350 - CVE-2017-3257 mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)
1414351 - CVE-2017-3258 mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)
1414353 - CVE-2017-3313 mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)
1414355 - CVE-2017-3317 mysql: Logging unspecified vulnerability (CPU Jan 2017)
1414357 - CVE-2017-3318 mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)
1414423 - CVE-2017-3265 mysql: unsafe chmod/chown use in init script (CPU Jan 2017)
1414429 - CVE-2017-3291 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)
1422119 - CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect
1443358 - CVE-2017-3308 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
1443359 - CVE-2017-3309 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
1443365 - CVE-2017-3453 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
1443369 - CVE-2017-3456 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
1443379 - CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
1466472 - mysql_install_db does not work when --basedir is specified
1466473 - galera arbitrator service init script error on RHEL6
1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503669 - CVE-2017-10286 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mariadb101-galera-25.3.12-12.el6.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mariadb101-galera-25.3.12-12.el7.src.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm

x86_64:
rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm
rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm
rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5617
https://access.redhat.com/security/cve/CVE-2016-6664
https://access.redhat.com/security/cve/CVE-2017-3238
https://access.redhat.com/security/cve/CVE-2017-3243
https://access.redhat.com/security/cve/CVE-2017-3244
https://access.redhat.com/security/cve/CVE-2017-3257
https://access.redhat.com/security/cve/CVE-2017-3258
https://access.redhat.com/security/cve/CVE-2017-3265
https://access.redhat.com/security/cve/CVE-2017-3291
https://access.redhat.com/security/cve/CVE-2017-3302
https://access.redhat.com/security/cve/CVE-2017-3308
https://access.redhat.com/security/cve/CVE-2017-3309
https://access.redhat.com/security/cve/CVE-2017-3312
https://access.redhat.com/security/cve/CVE-2017-3313
https://access.redhat.com/security/cve/CVE-2017-3317
https://access.redhat.com/security/cve/CVE-2017-3318
https://access.redhat.com/security/cve/CVE-2017-3453
https://access.redhat.com/security/cve/CVE-2017-3456
https://access.redhat.com/security/cve/CVE-2017-3464
https://access.redhat.com/security/cve/CVE-2017-3636
https://access.redhat.com/security/cve/CVE-2017-3641
https://access.redhat.com/security/cve/CVE-2017-3653
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10286
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/updates/classification/#moderate
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-10120-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFasmU1XlSAg2UNWIIRAncTAKCA/RqsVxCbTvAulP8rkRDkBeyQswCfb4rI
rF8l/vXwVQ/qtHp2OGaOXF4=oIdA
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-0574:01 Moderate: rh-mariadb101-mariadb and

An update for rh-mariadb101-mariadb and rh-mariadb101-galera is now available for Red Hat Software Collections

Summary

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb (10.1.29). (BZ#1463417, BZ#1517327)
Security Fix(es):
* mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) (CVE-2016-5617, CVE-2016-6664)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) (CVE-2017-3238)
* mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) (CVE-2017-3243)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2017) (CVE-2017-3244)
* mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017) (CVE-2017-3257)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) (CVE-2017-3258)
* mysql: unsafe chmod/chown use in init script (CPU Jan 2017) (CVE-2017-3265)
* mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) (CVE-2017-3291)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3308)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3309)
* mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) (CVE-2017-3312)
* mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) (CVE-2017-3313)
* mysql: Logging unspecified vulnerability (CPU Jan 2017) (CVE-2017-3317)
* mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) (CVE-2017-3318)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) (CVE-2017-3453)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2017) (CVE-2017-3456)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) (CVE-2017-3464)
* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)
* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)
* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
* mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017) (CVE-2017-10286)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)
* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)
* mysql: prepared statement handle use-after-free after disconnect (CVE-2017-3302)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, a syntax error in the Galera Arbitrator SysV init script prevented the garbd daemon from being started when the SysV init script was used. With this update, the definition of the main daemon binary in the SysV init script has been fixed, and the described problem no longer occurs. (BZ#1466473)
* Prior to this update, the scl macros were not set for the rh-mariadb101-mariadb@.service file, which consequently made the service file unusable. This bug has been fixed, and rh-mariadb101-mariadb@.service now works as expected. (BZ#1485995)



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

References

https://access.redhat.com/security/cve/CVE-2016-5617 https://access.redhat.com/security/cve/CVE-2016-6664 https://access.redhat.com/security/cve/CVE-2017-3238 https://access.redhat.com/security/cve/CVE-2017-3243 https://access.redhat.com/security/cve/CVE-2017-3244 https://access.redhat.com/security/cve/CVE-2017-3257 https://access.redhat.com/security/cve/CVE-2017-3258 https://access.redhat.com/security/cve/CVE-2017-3265 https://access.redhat.com/security/cve/CVE-2017-3291 https://access.redhat.com/security/cve/CVE-2017-3302 https://access.redhat.com/security/cve/CVE-2017-3308 https://access.redhat.com/security/cve/CVE-2017-3309 https://access.redhat.com/security/cve/CVE-2017-3312 https://access.redhat.com/security/cve/CVE-2017-3313 https://access.redhat.com/security/cve/CVE-2017-3317 https://access.redhat.com/security/cve/CVE-2017-3318 https://access.redhat.com/security/cve/CVE-2017-3453 https://access.redhat.com/security/cve/CVE-2017-3456 https://access.redhat.com/security/cve/CVE-2017-3464 https://access.redhat.com/security/cve/CVE-2017-3636 https://access.redhat.com/security/cve/CVE-2017-3641 https://access.redhat.com/security/cve/CVE-2017-3653 https://access.redhat.com/security/cve/CVE-2017-10268 https://access.redhat.com/security/cve/CVE-2017-10286 https://access.redhat.com/security/cve/CVE-2017-10378 https://access.redhat.com/security/cve/CVE-2017-10379 https://access.redhat.com/security/cve/CVE-2017-10384 https://access.redhat.com/security/updates/classification/#moderate http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL https://mariadb.com/kb/en/mariadb/mariadb-10120-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10122-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10128-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10129-release-notes/

Package List

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-mariadb101-galera-25.3.12-12.el6.src.rpm rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-mariadb101-galera-25.3.12-12.el6.src.rpm rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-mariadb101-galera-25.3.12-12.el6.src.rpm rh-mariadb101-mariadb-10.1.29-3.el6.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el6.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el6.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el6.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-mariadb101-galera-25.3.12-12.el7.src.rpm rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-mariadb101-galera-25.3.12-12.el7.src.rpm rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-mariadb101-galera-25.3.12-12.el7.src.rpm rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-mariadb101-galera-25.3.12-12.el7.src.rpm rh-mariadb101-mariadb-10.1.29-3.el7.src.rpm
x86_64: rh-mariadb101-galera-25.3.12-12.el7.x86_64.rpm rh-mariadb101-galera-debuginfo-25.3.12-12.el7.x86_64.rpm rh-mariadb101-mariadb-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-bench-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-common-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-config-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-debuginfo-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-devel-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-errmsg-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-oqgraph-engine-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-server-galera-10.1.29-3.el7.x86_64.rpm rh-mariadb101-mariadb-test-10.1.29-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2018:0574-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0574
Issued Date: : 2018-03-21
CVE Names: CVE-2016-5617 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10268 CVE-2017-10286 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384

Topic

An update for rh-mariadb101-mariadb and rh-mariadb101-galera is nowavailable for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64


Bugs Fixed

1386564 - CVE-2016-6664 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)

1414133 - CVE-2017-3312 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)

1414338 - CVE-2017-3238 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017)

1414340 - CVE-2017-3243 mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017)

1414342 - CVE-2017-3244 mysql: Server: DML unspecified vulnerability (CPU Jan 2017)

1414350 - CVE-2017-3257 mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)

1414351 - CVE-2017-3258 mysql: Server: DDL unspecified vulnerability (CPU Jan 2017)

1414353 - CVE-2017-3313 mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)

1414355 - CVE-2017-3317 mysql: Logging unspecified vulnerability (CPU Jan 2017)

1414357 - CVE-2017-3318 mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017)

1414423 - CVE-2017-3265 mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

1414429 - CVE-2017-3291 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)

1422119 - CVE-2017-3302 mysql: prepared statement handle use-after-free after disconnect

1443358 - CVE-2017-3308 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)

1443359 - CVE-2017-3309 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)

1443365 - CVE-2017-3453 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)

1443369 - CVE-2017-3456 mysql: Server: DML unspecified vulnerability (CPU Apr 2017)

1443379 - CVE-2017-3464 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)

1466472 - mysql_install_db does not work when --basedir is specified

1466473 - galera arbitrator service init script error on RHEL6

1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)

1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)

1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)

1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)

1503669 - CVE-2017-10286 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)

1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)

1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)

1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)


Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved