
Scientific Linux 7.x SLSA-2016:0534-1 Moderate: MariaDB Security Advisory

Moderate: mariadb security and bug fix update
Date: Mon, 4 Apr 2016 13:57:09 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: mariadb on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160404135709.19291.35144@slpackages.fnal.gov>

Synopsis: Moderate: mariadb security and bug fix update
Advisory ID: SLSA-2016:0534-1
Issue Date: 2016-04-04
CVE Numbers: CVE-2015-4792
 CVE-2015-4802
 CVE-2015-4815
 CVE-2015-4816
 CVE-2015-4819
 CVE-2015-4826
 CVE-2015-4830
 CVE-2015-4836
 CVE-2015-4858
 CVE-2015-4861
 CVE-2015-4870
 CVE-2015-4879
 CVE-2015-4913
 CVE-2016-0505
 CVE-2016-0546
 CVE-2016-0596
 CVE-2016-0597
 CVE-2016-0598
 CVE-2016-0600
 CVE-2016-0606
 CVE-2016-0608
 CVE-2016-0609
 CVE-2016-0616
 CVE-2016-2047
--

Security Fix(es):

* It was found that the MariaDB client library did not properly check host
names against server identities noted in the X.509 certificates when
establishing secure connections using TLS/SSL. A man-in-the-middle
attacker could possibly use this flaw to impersonate a server to a client.
(CVE-2016-2047)

(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,
CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858,
CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505,
CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600,
CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es):

* When more than one INSERT operation was executed concurrently on a non-
empty InnoDB table with an AUTO_INCREMENT column defined as a primary key
immediately after starting MariaDB, a race condition could occur. As a
consequence, one of the concurrent INSERT operations failed with a
"Duplicate key" error message. A patch has been applied to prevent the
race condition. Now, each row inserted as a result of the concurrent
INSERT operations receives a unique primary key, and the operations no
longer fail in this scenario.
--

SL7
 x86_64
 mariadb-5.5.47-1.el7_2.x86_64.rpm
 mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
 mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
 mariadb-libs-5.5.47-1.el7_2.i686.rpm
 mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
 mariadb-server-5.5.47-1.el7_2.x86_64.rpm
 mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
 mariadb-devel-5.5.47-1.el7_2.i686.rpm
 mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
 mariadb-embedded-5.5.47-1.el7_2.i686.rpm
 mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
 mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
 mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
 mariadb-test-5.5.47-1.el7_2.x86_64.rpm

- Scientific Linux Development Team
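
Added example, not part of the original advisory: a Python check that flags the packages named above when they are older than the fixed 5.5.47-1.el7_2 build. It uses a simplified RPM version comparison (no tilde/caret or epoch handling, on the assumption that all of these packages share one epoch), and the `rpm -qa` lines in SAMPLE are constructed.

```python
import re

# Fixed version-release from this advisory (SLSA-2016:0534-1).
FIXED_VERSION, FIXED_RELEASE = "5.5.47", "1.el7_2"
# Package names listed in the advisory.
PACKAGES = {"mariadb", "mariadb-libs", "mariadb-server", "mariadb-bench",
            "mariadb-devel", "mariadb-embedded", "mariadb-embedded-devel",
            "mariadb-test", "mariadb-debuginfo"}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No tilde/caret handling."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_qa_lines):
    """Return name-version-release.arch entries older than the fixed build."""
    stale = []
    for line in rpm_qa_lines:
        nvr, _, _arch = line.strip().rpartition(".")
        parts = nvr.rsplit("-", 2)
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue
        _name, version, release = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(line.strip())
    return stale

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = [
    "mariadb-libs-5.5.44-2.el7.x86_64",
    "mariadb-server-5.5.47-1.el7_2.x86_64",
    "mariadb-5.5.47-1.el7.x86_64",
    "mariadb-devel-5.5.52-1.el7.i686",
    "openssl-libs-1.0.1e-51.el7_2.4.x86_64",
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

On a real host, pass the lines of `rpm -qa` output to `unpatched()` in place of SAMPLE.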
