| Summary: | mariadb 5.5.43 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | alien, lewyssmith, oe, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/641082/ | ||
| Whiteboard: | has_procedure advisory MGA4-32-OK MGA4-64-OK | ||
| Source RPM: | mariadb-5.5.42-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-04-20 17:44:35 CEST
David Walser
2015-04-20 20:41:31 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/641082/ mariadb-5.5.43-1.mga4 has been submitted now. CC:
(none) =>
oe Thanks Oden! Advisory to come later. Package list: mariadb-5.5.43-1.mga4 mysql-MariaDB-5.5.43-1.mga4 mariadb-feedback-5.5.43-1.mga4 mariadb-extra-5.5.43-1.mga4 mariadb-obsolete-5.5.43-1.mga4 mariadb-core-5.5.43-1.mga4 mariadb-common-core-5.5.43-1.mga4 mariadb-common-5.5.43-1.mga4 mariadb-client-5.5.43-1.mga4 mariadb-bench-5.5.43-1.mga4 libmariadb18-5.5.43-1.mga4 libmariadb-devel-5.5.43-1.mga4 libmariadb-embedded18-5.5.43-1.mga4 libmariadb-embedded-devel-5.5.43-1.mga4 from mariadb-5.5.43-1.mga4.src.rpm CC:
(none) =>
alien https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer (CVE-2015-2571). Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL (CVE-2015-0505). Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling (CVE-2015-0501). Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated (CVE-2015-0499). Thanks Oden! Advisory: ======================== Updated mariadb packages fix security vulnerabilities: This update provides MariaDB 5.5.43, which fixes several security issues and other bugs. Please refer to the Oracle Critical Patch Update Advisories and the Release Notes for MariaDB for further information regarding the security vulnerabilities. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2571 https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL http://www.mandriva.com/en/support/security/advisories/mbs2/MDVSA-2015%3A227/ Update works fine on our production Moodle server at work, Mageia 4 i586. Whiteboard:
(none) =>
MGA4-32-OK Testing (very minimally) MGA4 x64 real hardware. Having played with phpmyadmin and Moodle (using MariaDB), everything seems to function within my meagre knowledge especially of how to drive Moodle. So, thanks to David's more +ve feedback Comment 5: OK. CC:
(none) =>
lewyssmith Validating. Advisory uploaded. Please push to 4 updates Thanks! Keywords:
(none) =>
validated_update An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0193.html Status:
NEW =>
RESOLVED Other CVEs that may have been relevant: http://lwn.net/Vulnerabilities/645935/ |