
Red Hat Enterprise Linux 7: RHSA-2018-2439-01 Moderate: MariaDB Update

August 16, 2018
Security notice for the mariadb upgrade on Red Hat Enterprise Linux 7, which addresses significant vulnerabilities and flaws.
An update for mariadb is now available for Red Hat Enterprise Linux 7.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Summary

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)
Security Fix(es):
* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)
* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)
* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)
* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)
* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)
* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)
* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)

References

https://access.redhat.com/security/cve/CVE-2017-3636
https://access.redhat.com/security/cve/CVE-2017-3641
https://access.redhat.com/security/cve/CVE-2017-3651
https://access.redhat.com/security/cve/CVE-2017-3653
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/cve/CVE-2018-2562
https://access.redhat.com/security/cve/CVE-2018-2622
https://access.redhat.com/security/cve/CVE-2018-2640
https://access.redhat.com/security/cve/CVE-2018-2665
https://access.redhat.com/security/cve/CVE-2018-2668
https://access.redhat.com/security/cve/CVE-2018-2755
https://access.redhat.com/security/cve/CVE-2018-2761
https://access.redhat.com/security/cve/CVE-2018-2767
https://access.redhat.com/security/cve/CVE-2018-2771
https://access.redhat.com/security/cve/CVE-2018-2781
https://access.redhat.com/security/cve/CVE-2018-2813
https://access.redhat.com/security/cve/CVE-2018-2817
https://access.redhat.com/security/cve/CVE-2018-2819
https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux Client (v. 7):
Source:
mariadb-5.5.60-1.el7_5.src.rpm
x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
mariadb-5.5.60-1.el7_5.src.rpm
x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
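
To confirm that a host actually carries the fixed build named in the package list, the following added example (not part of the Red Hat advisory) checks `rpm -qa`-style lines against 5.5.60-1.el7_5. The comparison is a simplified form of RPM's version ordering that ignores epochs and the `~`/`^` markers, and the sample package lines are constructed for illustration.

```python
import re

# Fixed build taken from the package list in this advisory.
FIXED_VERSION, FIXED_RELEASE = "5.5.60", "1.el7_5"

def _segments(s):
    # RPM compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp: -1 if a is older than b, 0 if equal, 1 if newer."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(line):
    """True if a 'name-version-release.arch' line is a mariadb build older than the fix."""
    line = line.strip()
    if not line.startswith("mariadb"):
        return False
    nvr, _arch = line.rsplit(".", 1)
    _name, version, release = nvr.rsplit("-", 2)
    c = rpm_cmp(version, FIXED_VERSION)
    return c < 0 or (c == 0 and rpm_cmp(release, FIXED_RELEASE) < 0)

def audit(lines):
    """Return the package lines that still predate the fixed build."""
    return [l.strip() for l in lines if needs_update(l)]

# Constructed sample input in the shape of `rpm -qa` output.
SAMPLE = [
    "mariadb-libs-5.5.56-2.el7.x86_64",
    "mariadb-server-5.5.60-1.el7_5.x86_64",
    "mariadb-5.5.60-1.el7.x86_64",
    "openssl-libs-1.0.2k-12.el7.x86_64",
]

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", pkg)
```

On a live system, feed it the output of `rpm -qa 'mariadb*'`; any line it reports is a package the update has not yet replaced.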



Advisory ID: RHSA-2018:2439-01
Product: Red Hat Enterprise Linux
Issue date: 2018-08-16

Topic

An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

Bugs Fixed

1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)

1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)

1472708 - CVE-2017-3651 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)

1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)

1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)

1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)

1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)

1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

1535484 - CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)

1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)

1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

1564965 - CVE-2018-2767 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)

1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
