MariaDB 5.5.44 and 10.0.20 have been released on June 11 and June 18:
https://blog.mariadb.org/mariadb-5-5-44-now-available/
https://blog.mariadb.org/mariadb-10-0-20-now-available/

We should update them as usual.
Whiteboard: (none) => MGA5TOO, MGA4TOO
Oden gave information on a security issue fixed in these releases:
https://bugzilla.redhat.com/show_bug.cgi?id=1217506
http://www.securityweek.com/mysql-ssltls-connections-risk-due-backronym-flaw

Also known as oCERT-2015-003 and BACKRONYM, apparently.
CC: (none) => oe
Summary: mariadb 5.5.44 and 10.0.20 => mariadb 5.5.44 and 10.0.20 (fixes CVE-2015-3152)
*** Bug 16265 has been marked as a duplicate of this bug. ***
Fedora has issued an advisory for this on June 27: https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
URL: (none) => http://lwn.net/Vulnerabilities/650296/
Updated packages uploaded for Mageia 4, Mageia 5, and Cauldron by Maarten. Please go ahead and assign to QA when it's ready. Thanks!

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html

Updated packages in core/updates_testing:
========================
mariadb-5.5.44-1.mga4
mysql-MariaDB-5.5.44-1.mga4
mariadb-feedback-5.5.44-1.mga4
mariadb-extra-5.5.44-1.mga4
mariadb-obsolete-5.5.44-1.mga4
mariadb-core-5.5.44-1.mga4
mariadb-common-core-5.5.44-1.mga4
mariadb-common-5.5.44-1.mga4
mariadb-client-5.5.44-1.mga4
mariadb-bench-5.5.44-1.mga4
libmariadb18-5.5.44-1.mga4
libmariadb-devel-5.5.44-1.mga4
libmariadb-embedded18-5.5.44-1.mga4
mariadb-10.0.20-1.mga5
mysql-MariaDB-10.0.20-1.mga5
mariadb-cassandra-10.0.20-1.mga5
mariadb-feedback-10.0.20-1.mga5
mariadb-oqgraph-10.0.20-1.mga5
mariadb-connect-10.0.20-1.mga5
mariadb-sphinx-10.0.20-1.mga5
mariadb-mroonga-10.0.20-1.mga5
mariadb-sequence-10.0.20-1.mga5
mariadb-spider-10.0.20-1.mga5
mariadb-extra-10.0.20-1.mga5
mariadb-obsolete-10.0.20-1.mga5
mariadb-core-10.0.20-1.mga5
mariadb-common-core-10.0.20-1.mga5
mariadb-common-10.0.20-1.mga5
mariadb-client-10.0.20-1.mga5
mariadb-bench-10.0.20-1.mga5
libmariadb18-10.0.20-1.mga5
libmariadb-devel-10.0.20-1.mga5
libmariadb-embedded18-10.0.20-1.mga5
libmariadb-embedded-devel-10.0.20-1.mga5

from SRPMS:
mariadb-5.5.44-1.mga4.src.rpm
mariadb-10.0.20-1.mga5.src.rpm
Version: Cauldron => 5
Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO
Corresponding Oracle CPU:
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Debian has issued advisories for this on July 18 and July 20:
https://www.debian.org/security/2015/dsa-3308
https://www.debian.org/security/2015/dsa-3311

LWN reference for additional CVEs fixed in 5.5.44:
http://lwn.net/Vulnerabilities/651764/

Assigning to QA since there was no response from Maarten. Package list in Comment 4.

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled (CVE-2015-3152).

The Mageia 4 update also fixes other unspecified security issues, such as CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, and CVE-2015-4752. Refer to the Oracle Critical Patch Update for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4752
https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
CC: (none) => alien
Assignee: alien => qa-bugs
Severity: normal => major
Component: RPM Packages => Security
CC: (none) => davidwhodgins
Whiteboard: MGA4TOO => MGA4TOO advisory MGA4-64-OK
In VirtualBox, M4, KDE, 32-bit

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-5.5.43-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-5.5.43-1.mga4.i586 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-5.5.44-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-5.5.44-1.mga4.i586 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up and is usable

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.28-1.mga4.x86_64
virtualbox-guest-additions-4.3.28-1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi li64mariadb-embedded18
No package named li64mariadb-embedded18
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-5.5.43-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-5.5.43-1.mga4.x86_64 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb-embedded18
Package lib64mariadb-embedded18-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-5.5.44-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-5.5.44-1.mga4.x86_64 is already installed

Stop and restart mysqld

http://localhost/mediawiki opens, re-sets up and is usable
http://localhost/phpmyadmin opens, is usable and I can create a db

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.28-1.mga4.x86_64
virtualbox-guest-additions-4.3.28-1.mga4.x86_64
MGA4-32 on Acer D620. No installation issues. Can stop, start mysql and use phpmyadmin as per Comment 7
CC: (none) => herman.viaene
Whiteboard: MGA4TOO advisory MGA4-64-OK => MGA4TOO advisory MGA4-64-OK MGA4-32-OK
In VirtualBox, M5, KDE, 32-bit

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.19-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.19-1.mga5.i586 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing

stop and restart mysqld

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.20-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.20-1.mga5.i586 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.28-1.mga4.x86_64
virtualbox-guest-additions-4.3.28-1.mga4.x86_64
In VirtualBox, M5, KDE, 64-bit

Create mariadb/mysql db PW: testmaria

Package(s) under test:
mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

default install of mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb-embedded18
Package lib64mariadb-embedded18-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.19-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.19-1.mga5.x86_64 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

install mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing

stop and restart mysqld

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb-embedded18
Package lib64mariadb-embedded18-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.0.20-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.0.20-1.mga5.x86_64 is already installed

http://localhost/mediawiki opens, sets up and is usable
http://localhost/phpmyadmin opens, sets up, I can create databases and is usable

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.28-1.mga4.x86_64
virtualbox-guest-additions-4.3.28-1.mga4.x86_64
Adding MGA5-32-OK MGA5-64-OK per the previous comments.
CC: (none) => shlomif
Whiteboard: MGA4TOO advisory MGA4-64-OK MGA4-32-OK => MGA4TOO advisory MGA4-64-OK MGA4-32-OK MGA5-32-OK MGA5-64-OK
Validating. Is adding sysadmins in CC still needed / advised?
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
> Is adding sysadmins in CC still needed / advised?

Not that I know of, the advisory whiteboard marker and validated_update keyword should be enough (unless we really want to make sure that the sysadmins get an email notification about an important update waiting for a push).
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0279.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED