Stay Secure with the Latest Linux Advisories

security advisoryupdatecritical

Fedora 25: Mariadb 10.1.24 Critical Update for Plugins and Security

**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB **Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-2c0609b92a 2017-06-16 13:14:53.497492 --------------------------------------------------------------------------------Name : mariadb Product : Fedora 25 Version : 10.1.24 Release : 3.fc25 URL : http://mariadb.org Summary : A community developed branch of MySQL Description : MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. --------------------------------------------------------------------------------Update Information: **Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB **Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 **Testsuite** Enabled '--big-test' option for the testsuite Disabled '--skip-rpl' option forthe testsuite = replication tests enabled **Warning** Some Spider tests started to fail, the engine can be probabbly unsafe now. **Aditional bugs solved:** #1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled ---- **Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB **Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 **Testsuite** Enabled '--big-test' option for the testsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled **Warning** Some Spider tests started to fail, the engine can be probabbly unsafe now. **Aditional bugs solved:** #1459671: mariadb fails to start with tokudb; jemalloc not correctly enabled ---- **Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison and Libarchive added, others corrected Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB **Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32: %{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 **Testsuite** Enabled '--big-test' option for thetestsuite Disabled '--skip-rpl' option for the testsuite = replication tests enabled **Warning** Some Spider tests started to fail, the engine can be probabbly unsafe now. --------------------------------------------------------------------------------References: [ 1 ] Bug #1414387 - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 mariadb: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1414387 [ 2 ] Bug #1459671 - mariadb fails to start with tokudb; jemalloc not correctly enabled https://bugzilla.redhat.com/show_bug.cgi?id=1459671 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mariadb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Improve your Fedora 25 configuration by applying this MariaDB update to address significant vulnerabilities and adjust plugin compatibility.. Fedora, MariaDB, security advisory, software update, database engine. . Severity: Critical. LinuxSecurity.com Team

Jun 16, 2017 •Critical Fedora