Upstream has released new versions 5.5.45 and 10.0.21 on August 6: https://blog.mariadb.org/mariadb-10-0-21-and-5-5-45-now-available/ I don't know what security issues may have been fixed, but we should update as usual. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
URL: (none) => http://lwn.net/Vulnerabilities/655842/
The security related fix in these releases is from MySQL 5.5.45, noted here: https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html They increased the key length used for creating Diffie-Hellman keys. This was also noted in the MariaDB 5.5.45 and 10.0.21 release notes: https://mariadb.com/kb/en/mariadb/mariadb-5545-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/ The updates are building now. Advisory: ======================== Updated mariadb packages fix security vulnerability: The mariadb packages have been updated to versions 5.5.45 and 10.0.21 for Mageia 4 and Mageia 5, respectively. The key length for creating Diffie- Hellman keys has been increased to 2048 bits, and other bugs have been fixed. See the upstream release notes for more details. References: https://mariadb.com/kb/en/mariadb/mariadb-5545-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/ https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164366.html ======================== Updated packages in core/updates_testing: ======================== mariadb-5.5.45-1.mga4 mysql-MariaDB-5.5.45-1.mga4 mariadb-feedback-5.5.45-1.mga4 mariadb-extra-5.5.45-1.mga4 mariadb-obsolete-5.5.45-1.mga4 mariadb-core-5.5.45-1.mga4 mariadb-common-core-5.5.45-1.mga4 mariadb-common-5.5.45-1.mga4 mariadb-client-5.5.45-1.mga4 mariadb-bench-5.5.45-1.mga4 libmariadb18-5.5.45-1.mga4 libmariadb-devel-5.5.45-1.mga4 libmariadb-embedded18-5.5.45-1.mga4 mariadb-10.0.21-1.mga5 mysql-MariaDB-10.0.21-1.mga5 mariadb-cassandra-10.0.21-1.mga5 mariadb-feedback-10.0.21-1.mga5 mariadb-oqgraph-10.0.21-1.mga5 mariadb-connect-10.0.21-1.mga5 mariadb-sphinx-10.0.21-1.mga5 mariadb-mroonga-10.0.21-1.mga5 mariadb-sequence-10.0.21-1.mga5 mariadb-spider-10.0.21-1.mga5 mariadb-extra-10.0.21-1.mga5 mariadb-obsolete-10.0.21-1.mga5 mariadb-core-10.0.21-1.mga5 mariadb-common-core-10.0.21-1.mga5 mariadb-common-10.0.21-1.mga5 mariadb-client-10.0.21-1.mga5 mariadb-bench-10.0.21-1.mga5 libmariadb18-10.0.21-1.mga5 libmariadb-devel-10.0.21-1.mga5 libmariadb-embedded18-10.0.21-1.mga5 libmariadb-embedded-devel-10.0.21-1.mga5 from SRPMS: mariadb-5.5.45-1.mga4.src.rpm mariadb-10.0.21-1.mga5.src.rpm
Version: Cauldron => 5Assignee: alien => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => MGA4TOO
Component: RPM Packages => Security
In VirtualBox, M4, KDE, 32-bit Create mariadb/mysql db PW: testmaria Package(s) under test: mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi libmariadb-embedded18 Package libmariadb-embedded18-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi libmariadb18 Package libmariadb18-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-5.5.44-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-5.5.44-1.mga4.i586 is already installed http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up, I can create databases and is usable install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi libmariadb-embedded18 Package libmariadb-embedded18-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi libmariadb18 Package libmariadb18-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-5.5.45-1.mga4.i586 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-5.5.45-1.mga4.i586 is already installed All packages update cleanly http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up and is usable open previous db, creates a new one.
CC: (none) => wilcal.int
Whiteboard: MGA4TOO => MGA4TOO MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit Install: mediawiki phpmyadmin Create mariadb/mysql db PW: testmaria Package(s) under test: mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra default install of mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb-embedded18 Package lib64mariadb-embedded18-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb18 Package lib64mariadb18-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-5.5.44-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-5.5.44-1.mga4.x86_64 is already installed http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up, I can create databases and is usable install mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing [root@localhost wilcal]# urpmi mariadb Package mariadb-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb-embedded18 Package lib64mariadb-embedded18-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb18 Package lib64mariadb18-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-5.5.45-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-5.5.45-1.mga4.x86_64 is already installed All packages update cleanly http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up and is usable, opens the previously created db, creates a new one.
Whiteboard: MGA4TOO MGA4-32-OK => MGA4TOO MGA4-32-OK MGA4-64-OK
In VirtualBox, M5, KDE, 32-bit Create mariadb/mysql db PW: testmaria Package(s) under test: mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libmariadb-embedded18 Package libmariadb-embedded18-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libmariadb18 Package libmariadb18-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-10.0.20-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-10.0.20-1.mga5.i586 is already installed http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up, I can create databases and is usable install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libmariadb-embedded18 Package libmariadb-embedded18-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi libmariadb18 Package libmariadb18-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-10.0.21-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-10.0.21-1.mga5.i586 is already installed All packages update cleanly http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up and is usable, opens the previously created db, creates a new one.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit Install: mediawiki phpmyadmin Create mariadb/mysql db PW: testmaria Package(s) under test: mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra default install of mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb-embedded18 Package lib64mariadb-embedded18-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb18 Package lib64mariadb18-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-10.0.20-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-10.0.20-1.mga5.x86_64 is already installed http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up, I can create databases and is usable install mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra from updates_testing [root@localhost wilcal]# urpmi mariadb Package mariadb-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb-embedded18 Package lib64mariadb-embedded18-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64mariadb18 Package lib64mariadb18-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-bench Package mariadb-bench-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-client Package mariadb-client-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common Package mariadb-common-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-common-core Package mariadb-common-core-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-core Package mariadb-core-10.0.21-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi mariadb-extra Package mariadb-extra-10.0.21-1.mga5.x86_64 is already installed All packages update cleanly http://localhost/mediawiki opens, sets up and is usable http://localhost/phpmyadmin opens, sets up and is usable, opens the previously created db, creates a new one.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-32-OK
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-32-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
Advisory uploaded.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0362.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
MariaDB 10.0.21 also fixed: CVE-2015-4816 CVE-2015-4819 CVE-2015-4879 CVE-2015-4895 according to the release notes: https://mariadb.com/kb/en/mariadb/mariadb-10021-release-notes/