Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.
MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version:
rh-mariadb102-mariadb (10.2.22), rh-mariadb102-galera (25.3.25).
Security Fix(es):
* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10268)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10378)
* mariadb: Replication in sql/event_data_objects.cc occurs before ACL
checks (CVE-2017-15365)
* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2562)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2622)
* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jan
2018) (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2755)
* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018)
(CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784,
CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)
* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2761)
* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2771)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2781)
* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018)
(CVE-2018-2813, CVE-2018-2817)
* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018)
(CVE-2018-3060, CVE-2018-3064)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2018) (CVE-2018-3063)
* mysql: Client programs unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3081)
* mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3133)
* mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018)
(CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185,
CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)
* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3282)
* mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2455)
* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan
2019) (CVE-2019-2503)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2537)
* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3066)
* mysql: Init script calling kill with root privileges using pid from
pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* SELinux blocks working in /tmp directory for wsrep_recover_position
function (BZ#1701252)
* mysql faces a bug which prevents bacula from functioning (BZ#1701254)
* GSSAPI module build fix - backport request (BZ#1701257)
* Deadlock in RNG initialization in the FIPS mode on some circumstances
(BZ#1701258)
* Use appropriate version of Galera (BZ#1704162)
* Encountered WSREP: BF lock wait long for trx MariaDB 10.2.8 (BZ#1709233)
https://access.redhat.com/security/cve/CVE-2017-10268 https://access.redhat.com/security/cve/CVE-2017-10378 https://access.redhat.com/security/cve/CVE-2017-15365 https://access.redhat.com/security/cve/CVE-2018-2562 https://access.redhat.com/security/cve/CVE-2018-2612 https://access.redhat.com/security/cve/CVE-2018-2622 https://access.redhat.com/security/cve/CVE-2018-2640 https://access.redhat.com/security/cve/CVE-2018-2665 https://access.redhat.com/security/cve/CVE-2018-2668 https://access.redhat.com/security/cve/CVE-2018-2755 https://access.redhat.com/security/cve/CVE-2018-2759 https://access.redhat.com/security/cve/CVE-2018-2761 https://access.redhat.com/security/cve/CVE-2018-2766 https://access.redhat.com/security/cve/CVE-2018-2771 https://access.redhat.com/security/cve/CVE-2018-2777 https://access.redhat.com/security/cve/CVE-2018-2781 https://access.redhat.com/security/cve/CVE-2018-2782 https://access.redhat.com/security/cve/CVE-2018-2784 https://access.redhat.com/security/cve/CVE-2018-2786 https://access.redhat.com/security/cve/CVE-2018-2787 https://access.redhat.com/security/cve/CVE-2018-2810 https://access.redhat.com/security/cve/CVE-2018-2813 https://access.redhat.com/security/cve/CVE-2018-2817 https://access.redhat.com/security/cve/CVE-2018-2819 Read the Full Advisory
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
rh-mariadb102-galera-25.3.25-1.el6.src.rpm
rh-mariadb102-mariadb-10.2.22-1.el6.src.rpm
x86_64:
rh-mariadb102-galera-25.3.25-1.el6.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.25-1.el6.x86_64.rpm
rh-mariadb102-mariadb-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.22-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.22-1.el6.x86_64.rpm
Read the Full Advisory
An update for rh-mariadb102-mariadb and rh-mariadb102-galera is nowavailable for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1524234 - CVE-2017-15365 mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
1535484 - CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
1568923 - CVE-2018-2759 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568926 - CVE-2018-2766 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
1568937 - CVE-2018-2777 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
Get the latest Linux and open source security news straight to your inbox.