Bug 17065 - mariadb 10.0.22
Summary: mariadb 10.0.22
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/662057/
Whiteboard: advisory MGA5-32-OK mga5-64-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-11-02 20:50 CET by David Walser
Modified: 2015-11-16 22:37 CET

See Also:
Source RPM: mariadb-10.0.21-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2015-11-02 20:50:05 CET
Debian has issued an advisory on October 31:
https://www.debian.org/security/2015/dsa-3385

Most of the security issues have been fixed in 10.0.22 itself.

Comment 1 David Walser 2015-11-02 20:52:06 CET
MariaDB 10.0.22 release notes from October 29:
https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/
Comment 2 David Walser 2015-11-02 21:00:29 CET
Some of the CVEs are here:
http://lwn.net/Vulnerabilities/662069/
Comment 3 Thomas Backlund 2015-11-11 22:25:52 CET
Got tired of waiting... 10.0.22 pushed to cauldron and mga5 testing.

The CVEs listed in the Debian advisory are partly fixed in 10.0.21 (which we already have), and the rest are fixed in 10.0.22.

CVE-2015-4807 is Windows only...


advisory (also added to svn)

  This update provides the upstream 10.0.22 maintenance release and fixes
  the following security issues:

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect availability
  via unknown vectors related to Server : Partition, a different vulnerability
  than CVE-2015-4792. (CVE-2015-4802)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect availability
  via vectors related to Server : DDL. (CVE-2015-4815)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect
  confidentiality via unknown vectors related to Server : Types.
  (CVE-2015-4826)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect integrity
  via unknown vectors related to Server : Security : Privileges.
  (CVE-2015-4830)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
  5.6.26 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : SP. (CVE-2015-4836)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
  5.6.26 and earlier, allows remote authenticated users to affect availability
  via vectors related to DML, a different vulnerability than CVE-2015-4913.
  (CVE-2015-4858)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
  5.6.26 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : InnoDB. (CVE-2015-4861)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
  5.6.26 and earlier, allows remote authenticated users to affect availability
  via unknown vectors related to Server : Parser. (CVE-2015-4870)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect availability
  via vectors related to Server : DML, a different vulnerability than
  CVE-2015-4858. (CVE-2015-4913)

  Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
  5.6.26 and earlier allows remote authenticated users to affect availability
  via unknown vectors related to Server : Partition, a different vulnerability
  than CVE-2015-4802. (CVE-2015-4792)

  For other fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=17065
 - https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes

CC: (none) => tmb
Hardware: i586 => All
Whiteboard: (none) => advisory

Comment 4 Thomas Backlund 2015-11-11 22:32:45 CET
SRPM:
mariadb-10.0.22-1.mga5.src.rpm


i586:
libmariadb18-10.0.22-1.mga5.i586.rpm
libmariadb-devel-10.0.22-1.mga5.i586.rpm
libmariadb-embedded18-10.0.22-1.mga5.i586.rpm
libmariadb-embedded-devel-10.0.22-1.mga5.i586.rpm
mariadb-10.0.22-1.mga5.i586.rpm
mariadb-bench-10.0.22-1.mga5.i586.rpm
mariadb-cassandra-10.0.22-1.mga5.i586.rpm
mariadb-client-10.0.22-1.mga5.i586.rpm
mariadb-common-10.0.22-1.mga5.i586.rpm
mariadb-common-core-10.0.22-1.mga5.i586.rpm
mariadb-connect-10.0.22-1.mga5.i586.rpm
mariadb-core-10.0.22-1.mga5.i586.rpm
mariadb-extra-10.0.22-1.mga5.i586.rpm
mariadb-feedback-10.0.22-1.mga5.i586.rpm
mariadb-mroonga-10.0.22-1.mga5.i586.rpm
mariadb-obsolete-10.0.22-1.mga5.i586.rpm
mariadb-oqgraph-10.0.22-1.mga5.i586.rpm
mariadb-sequence-10.0.22-1.mga5.i586.rpm
mariadb-sphinx-10.0.22-1.mga5.i586.rpm
mariadb-spider-10.0.22-1.mga5.i586.rpm
mysql-MariaDB-10.0.22-1.mga5.i586.rpm


x86_64:
lib64mariadb18-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-devel-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-embedded18-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-embedded-devel-10.0.22-1.mga5.x86_64.rpm
mariadb-10.0.22-1.mga5.x86_64.rpm
mariadb-bench-10.0.22-1.mga5.x86_64.rpm
mariadb-cassandra-10.0.22-1.mga5.x86_64.rpm
mariadb-client-10.0.22-1.mga5.x86_64.rpm
mariadb-common-10.0.22-1.mga5.x86_64.rpm
mariadb-common-core-10.0.22-1.mga5.x86_64.rpm
mariadb-connect-10.0.22-1.mga5.x86_64.rpm
mariadb-core-10.0.22-1.mga5.x86_64.rpm
mariadb-extra-10.0.22-1.mga5.x86_64.rpm
mariadb-feedback-10.0.22-1.mga5.x86_64.rpm
mariadb-mroonga-10.0.22-1.mga5.x86_64.rpm
mariadb-obsolete-10.0.22-1.mga5.x86_64.rpm
mariadb-oqgraph-10.0.22-1.mga5.x86_64.rpm
mariadb-sequence-10.0.22-1.mga5.x86_64.rpm
mariadb-sphinx-10.0.22-1.mga5.x86_64.rpm
mariadb-spider-10.0.22-1.mga5.x86_64.rpm
mysql-MariaDB-10.0.22-1.mga5.x86_64.rpm

CC: (none) => alien
Assignee: alien => qa-bugs

Comment 5 Herman Viaene 2015-11-13 15:05:20 CET
MGA5-32 on Acer D620 Xfce
No installation issues.
Could connect with phpMyAdmin and create and delete a table, all OK.
Could create a first time mediawiki, all seems OK.

CC: (none) => herman.viaene
Whiteboard: advisory => advisory MGA5-32-OK

Comment 6 Thomas Andrews 2015-11-14 00:20:43 CET
Installed on Dell Dimension E310, P4 processor, Intel graphics, on both 64-bit and 32-bit Mageia installs. Installed at the same time as the packages from Bug #17126 and Bug #17129.

Only action done was to see if the packages presented in Mageia Update installed correctly, and that the system seemed to work after a reboot.

No issues seen on either install.

CC: (none) => andrewsfarm

Comment 7 Thomas Andrews 2015-11-14 02:25:38 CET
Homemade computer, ASRock motherboard, Athlon X2 7750 processor, 8GB RAM, ATI on-board graphics. Installed updates on both 64-bit and 32-bit Mageia installs, as in Comment 6.

No issues seen on either install.
Comment 8 claire robinson 2015-11-16 09:42:14 CET
Validating.

Keywords: (none) => validated_update
Whiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2015-11-16 22:37:39 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0445.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

