| Summary: | mariadb 10.1.39 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, mageia, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK | | |
| Source RPM: | mariadb-10.1.38-1.mga6.src.rpm | CVE: | |
| Status comment: | | | |
Description
Marc Krämer
2019-05-02 21:24:48 CEST
Suggested advisory:
========================

Updated mariadb packages fix security vulnerabilities:

One easily exploitable vulnerability and one difficult-to-exploit vulnerability were discovered that can be used for a DoS attack.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627
========================

Updated packages in core/updates_testing:
========================
mariadb-10.1.39-1.mga6
mysql-MariaDB-10.1.39-1.mga6
mariadb-cassandra-10.1.39-1.mga6
mariadb-feedback-10.1.39-1.mga6
mariadb-connect-10.1.39-1.mga6
mariadb-sphinx-10.1.39-1.mga6
mariadb-mroonga-10.1.39-1.mga6
mariadb-sequence-10.1.39-1.mga6
mariadb-spider-10.1.39-1.mga6
mariadb-extra-10.1.39-1.mga6
mariadb-obsolete-10.1.39-1.mga6
mariadb-core-10.1.39-1.mga6
mariadb-common-core-10.1.39-1.mga6
mariadb-common-10.1.39-1.mga6
mariadb-client-10.1.39-1.mga6
mariadb-bench-10.1.39-1.mga6
libmariadb18-10.1.39-1.mga6
libmariadb-devel-10.1.39-1.mga6
libmariadb-embedded18-10.1.39-1.mga6
libmariadb-embedded-devel-10.1.39-1.mga6
mariadb-debuginfo-10.1.39-1.mga6

SRPM:
mariadb-10.1.39-1.mga6.src.rpm

Assignee: mageia => qa-bugs

Installed and tested without issues.
Tested using:
- multiple php/mysql/PDO scripts;
- myphpadmin;
- MySQL Workbench;
- mysql CLI;
- Qt5 applications using mysql plugin.
System: Mageia 6, x86_64, Intel CPU.
$ uname -a
Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep -i mariadb | sort
lib64mariadb18-10.1.39-1.mga6
lib64mariadb-embedded18-10.1.39-1.mga6
mariadb-10.1.39-1.mga6
mariadb-bench-10.1.39-1.mga6
mariadb-client-10.1.39-1.mga6
mariadb-common-10.1.39-1.mga6
mariadb-common-core-10.1.39-1.mga6
mariadb-core-10.1.39-1.mga6
mariadb-extra-10.1.39-1.mga6
mariadb-feedback-10.1.39-1.mga6
$ rpm -qa | grep mysql | sort
lib64mysqlcppconn7-1.1.8-1.mga6
lib64qt5-database-plugin-mysql-5.9.4-1.2.mga6
mysql-workbench-6.3.9-1.mga6
perl-DBD-mysql-4.46.0-1.mga6
php-mysqli-7.2.14-1.mga6
php-mysqlnd-7.2.14-1.mga6
php-pdo_mysql-7.2.14-1.mga6
php-pear-MDB2_Driver_mysql-1.5.0-0.0.b10.mga6
php-pear-MDB2_Driver_mysqli-1.5.0-0.0.b9.mga6
$ systemctl status mysqld
● mysqld.service - MySQL database server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: enabled)
Active: active (running) since Sex 2019-05-03 12:19:35 WEST; 16min ago
Process: 7245 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
Main PID: 7261 (mysqld)
Status: "Taking your SQL requests now..."
CPU: 1.607s
CGroup: /system.slice/mysqld.service
└─7261 /usr/sbin/mysqld
Mai 03 12:19:33 marte mysqld[7261]: 2019-05-03 12:19:33 140269545781312 [Note] InnoDB: 128 rollback segment(s) are active.
Mai 03 12:19:33 marte mysqld[7261]: 2019-05-03 12:19:33 140269545781312 [Note] InnoDB: Waiting for purge to start
Mai 03 12:19:33 marte mysqld[7261]: 2019-05-03 12:19:33 140269545781312 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.43-84.3 started; log sequence number 291950009
Mai 03 12:19:34 marte mysqld[7261]: 2019-05-03 12:19:34 140268877641472 [Note] InnoDB: Dumping buffer pool(s) not yet started
Mai 03 12:19:34 marte mysqld[7261]: 190503 12:19:34 server_audit: MariaDB Audit Plugin version 1.4.4 STARTED.
Mai 03 12:19:35 marte mysqld[7261]: 2019-05-03 12:19:35 140269545781312 [Note] /usr/sbin/mysqld: ready for connections.
Mai 03 12:19:35 marte mysqld[7261]: Version: '10.1.39-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 0 Mageia MariaDB Server
Mai 03 12:19:35 marte systemd[1]: Started MySQL database server.
Mai 03 12:24:34 marte mysqld[7261]: 2019-05-03 12:24:34 140268856669952 [Note] feedback plugin: report to 'https://mariadb.org/feedback_plugin/post' was sent
Mai 03 12:24:35 marte mysqld[7261]: 2019-05-03 12:24:35 140268856669952 [Note] feedback plugin: server replied 'ok'

CC: (none) => mageia

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2019-2614).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Security: Privileges). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2019-2627).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627
https://mariadb.com/kb/en/library/mariadb-10139-release-notes/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL

Component: RPM Packages => Security

MGA6-64 Plasma on Lenovo B50
No installation issues
At CLI:
# systemctl -l status mysqld
● mysqld.service - MySQL database server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: enabled)
Active: active (running) since zo 2019-05-05 14:29:27 CEST; 6min ago
Main PID: 5024 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mysqld.service
└─5024 /usr/sbin/mysqld
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] InnoDB: Waiting for purge to start
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.43-84.3 started; log se
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072087189248 [Note] InnoDB: Dumping buffer pool(s) not yet started
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/mach5.hviaene.thuis@'
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [ERROR] Plugin 'gssapi' init function returned error.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 190505 14:29:27 server_audit: MariaDB Audit Plugin version 1.4.4 STARTED.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] /usr/sbin/mysqld: ready for connections.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: Version: '10.1.39-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 0 Mageia MariaDB Server
mei 05 14:29:27 mach5.hviaene.thuis systemd[1]: Started MySQL database server.
I wanted to test as usual with phpmyadmin, but on installing that one I get:
"php-mcrypt is obsoleted by (geïnstalleerd) lib64php_common7-3:7.2.11-3.mga6.x86_64"
Having to look up another way of testing. AFAICS this is nowhere the fault of mariadb, but it's annoying.
Installing mysql-workbench has the same problem.

CC: (none) => herman.viaene

From bug 23967 Comment 3
$ mysql_upgrade -p --skip-write-binlog
Enter password:
Phase 1/7: Checking and upgrading mysql database
Processing databases
mysql
mysql.column_stats OK
mysql.columns_priv OK
mysql.db OK
mysql.event OK
mysql.func OK
and a long list......
Phase 2/7: Installing used storage engines... Skipped
Phase 3/7: Fixing views
Phase 4/7: Running 'mysql_fix_privilege_tables'
Phase 5/7: Fixing table and database names
Phase 6/7: Checking and upgrading tables
Processing databases
dbbglpi
dbbglpi.glpi_alerts OK
dbbglpi.glpi_apiclients OK
dbbglpi.glpi_authldapreplicates OK
dbbglpi.glpi_authldaps OK
dbbglpi.glpi_authmails OK
dbbglpi.glpi_autoupdatesystems OK
etc .......
information_schema
performance_schema
test
Phase 7/7: Running 'FLUSH PRIVILEGES'
OK
Could not create the upgrade info file '/var/lib/mysql/mysql_upgrade_info' in the MySQL Servers datadir, errno: 13
information_schema
performance_schema
test
Phase 7/7: Running 'FLUSH PRIVILEGES'
OK
Could not create the upgrade info file '/var/lib/mysql/mysql_upgrade_info' in the MySQL Servers datadir, errno: 13
The last line is caused by running the command as normal user, as root all is OK.
Connected with mysql command to existing "test" database, created a table, inserted a row of values and read the table, all OK.
MariaDB [test]> show tables;
Empty set (0.00 sec)
MariaDB [test]> create table testtab(kol1 int, koll2 char(20), kol3 char(100));
Query OK, 0 rows affected (0.65 sec)
MariaDB [test]> show tables;
+----------------+
| Tables_in_test |
+----------------+
| testtab |
+----------------+
1 row in set (0.00 sec)
MariaDB [test]> insert into testtab(kol1,koll2,kol3) values (1,"aaa","bbbbbbbbbb");
Query OK, 1 row affected (0.05 sec)
MariaDB [test]> select * from testtab
-> ;
+------+-------+------------+
| kol1 | koll2 | kol3 |
+------+-------+------------+
| 1 | aaa | bbbbbbbbbb |
+------+-------+------------+
1 row in set (0.00 sec)
Good enough for me.

Whiteboard: (none) => MGA6-64-OK

If you run php 7.2 from backports, you have to install php-mcrypt from backports as well.

Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_backport

Fixing validated_update instead of validated_backport.

Keywords: validated_backport => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0181.html

Status: NEW => RESOLVED