| Summary: | mariadb 10.1.30 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | alien, herman.viaene, mageia, mageia, marja11, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | mariadb-10.1.29-2.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-01-16 12:26:26 CET
Assigning to mjack and CC'ing mkraemer, I hope they're willing to help again with mariadb. Also CC'ing the registerd maintainer of mariadb CC:
(none) =>
alien, mageia, marja11
Marc Krämer
2018-01-16 16:44:32 CET
Assignee:
jackal.j =>
mageia Updated package uploaded for Mageia 6. Advisory: ======================== Updated mariadb package to 10.1.30 fixes security vulnerability: It was discovered that mariadb contained a security vulnerability (CVE-2017-15365). This update fixes a few more bugs on the InnoDB Engine. References: https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365 Updated packages in core/updates_testing: ======================== lib64mariadb18-10.1.30-1.mga6 lib64mariadb-devel-10.1.30-1.mga6 lib64mariadb-embedded18-10.1.30-1.mga6 lib64mariadb-embedded-devel-10.1.30-1.mga6 mariadb-10.1.30-1.mga6 mariadb-bench-10.1.30-1.mga6 mariadb-cassandra-10.1.30-1.mga6 mariadb-client-10.1.30-1.mga6 mariadb-common-10.1.30-1.mga6 mariadb-common-core-10.1.30-1.mga6 mariadb-connect-10.1.30-1.mga6 mariadb-core-10.1.30-1.mga6 mariadb-debuginfo-10.1.30-1.mga6 mariadb-extra-10.1.30-1.mga6 mariadb-feedback-10.1.30-1.mga6 mariadb-mroonga-10.1.30-1.mga6 mariadb-obsolete-10.1.30-1.mga6 mariadb-sequence-10.1.30-1.mga6 mariadb-sphinx-10.1.30-1.mga6 mariadb-spider-10.1.30-1.mga6 mysql-MariaDB-10.1.30-1.mga6 form SRPM: mariadb-10.1.30-1.mga6.src.rpm
Marc Krämer
2018-01-16 17:19:49 CET
Assignee:
mageia =>
qa-bugs An apology to AL13N, I wasn't aware he's available again 2018:01:16:17:02 < AL13N> marja: i'm testbuilding mariadb for mga6 locally atm, i'll submit to updates_testing when it's ok 2018:01:16:17:03 < AL13N> (takes a while) From now on, I'll assign new mariadb bug reports to him again. I was just helping, I'm fine if someone else does mariadb :-)
David Walser
2018-01-17 03:23:26 CET
QA Contact:
(none) =>
security MGA6-32 on Dell Latitude D600 Mate
No installation issues
At CLI as root:
# systemctl start mysqld
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
.....
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] n
... skipping.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Then started phpmyadmin, created new database, new table with 4 columns of different datatypes (int, varchar, timestamp) all OKCC:
(none) =>
herman.viaene Installed and tested without issues. Tests included a days work and some extra tests running: - PHP scripts that use a DB in MariaDB; - applications using the Qt5 MySQL plugin (lib64qt5-database-plugin-mysql-5.6.2-11.mga6); - SQL scripts, some quite complex/heavy; - MySQL Workbench; - /usr/bin/mysql_client_test. System: Mageia 6, x86_64, Intel CPU. $ uname -a Linux marte 4.14.13-desktop-1.mga6 #1 SMP Wed Jan 10 12:48:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep mariadb | sort lib64mariadb18-10.1.30-1.mga6 lib64mariadb-embedded18-10.1.30-1.mga6 mariadb-10.1.30-1.mga6 mariadb-bench-10.1.30-1.mga6 mariadb-client-10.1.30-1.mga6 mariadb-common-10.1.30-1.mga6 mariadb-common-core-10.1.30-1.mga6 mariadb-core-10.1.30-1.mga6 mariadb-extra-10.1.30-1.mga6 mariadb-feedback-10.1.30-1.mga6 $ mysql_upgrade -p --skip-write-binlog Enter password: Phase 1/7: Checking and upgrading mysql database Processing databases <SNIP - ALL OK> Phase 2/7: Installing used storage engines Checking for tables with unknown storage engine Phase 3/7: Fixing views Phase 4/7: Running 'mysql_fix_privilege_tables' Phase 5/7: Fixing table and database names Phase 6/7: Checking and upgrading tables Processing databases <SNIP - ALL OK> Phase 7/7: Running 'FLUSH PRIVILEGES' OK $ /usr/bin/mysql_client_test -p <SNIP LOTS OF OUTPUT - NO ERRORS> CC:
(none) =>
mageia
Lewis Smith
2018-01-18 21:08:24 CET
CC:
(none) =>
sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0088.html Resolution:
(none) =>
FIXED |