Debian has issued an advisory on October 31: https://www.debian.org/security/2015/dsa-3385
Most of the security issues have been fixed in 10.0.22 itself.
MariaDB 10.0.22 release notes from October 29: https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/
Some of the CVEs are here: http://lwn.net/Vulnerabilities/662069/
Got tired of waiting... 10.0.22 pushed to cauldron and mga5 testing.
CVEs listed in the Debian advisory are partly fixed in 10.0.21 (which we already have), and the rest are fixed in 10.0.22.
CVE-2015-4807 is Windows only...

Advisory (also added to svn):

This update provides the upstream 10.0.22 maintenance release and fixes the following security issues:

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. (CVE-2015-4802)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. (CVE-2015-4815)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. (CVE-2015-4826)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. (CVE-2015-4830)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. (CVE-2015-4836)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. (CVE-2015-4858)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4861)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. (CVE-2015-4870)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. (CVE-2015-4913)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. (CVE-2015-4792)

For other fixes in this update, see the referenced changelog.

references:
- https://bugs.mageia.org/show_bug.cgi?id=17065
- https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes
CC: (none) => tmb
Hardware: i586 => All
Whiteboard: (none) => advisory
SRPM:
mariadb-10.0.22-1.mga5.src.rpm

i586:
libmariadb18-10.0.22-1.mga5.i586.rpm
libmariadb-devel-10.0.22-1.mga5.i586.rpm
libmariadb-embedded18-10.0.22-1.mga5.i586.rpm
libmariadb-embedded-devel-10.0.22-1.mga5.i586.rpm
mariadb-10.0.22-1.mga5.i586.rpm
mariadb-bench-10.0.22-1.mga5.i586.rpm
mariadb-cassandra-10.0.22-1.mga5.i586.rpm
mariadb-client-10.0.22-1.mga5.i586.rpm
mariadb-common-10.0.22-1.mga5.i586.rpm
mariadb-common-core-10.0.22-1.mga5.i586.rpm
mariadb-connect-10.0.22-1.mga5.i586.rpm
mariadb-core-10.0.22-1.mga5.i586.rpm
mariadb-extra-10.0.22-1.mga5.i586.rpm
mariadb-feedback-10.0.22-1.mga5.i586.rpm
mariadb-mroonga-10.0.22-1.mga5.i586.rpm
mariadb-obsolete-10.0.22-1.mga5.i586.rpm
mariadb-oqgraph-10.0.22-1.mga5.i586.rpm
mariadb-sequence-10.0.22-1.mga5.i586.rpm
mariadb-sphinx-10.0.22-1.mga5.i586.rpm
mariadb-spider-10.0.22-1.mga5.i586.rpm
mysql-MariaDB-10.0.22-1.mga5.i586.rpm

x86_64:
lib64mariadb18-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-devel-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-embedded18-10.0.22-1.mga5.x86_64.rpm
lib64mariadb-embedded-devel-10.0.22-1.mga5.x86_64.rpm
mariadb-10.0.22-1.mga5.x86_64.rpm
mariadb-bench-10.0.22-1.mga5.x86_64.rpm
mariadb-cassandra-10.0.22-1.mga5.x86_64.rpm
mariadb-client-10.0.22-1.mga5.x86_64.rpm
mariadb-common-10.0.22-1.mga5.x86_64.rpm
mariadb-common-core-10.0.22-1.mga5.x86_64.rpm
mariadb-connect-10.0.22-1.mga5.x86_64.rpm
mariadb-core-10.0.22-1.mga5.x86_64.rpm
mariadb-extra-10.0.22-1.mga5.x86_64.rpm
mariadb-feedback-10.0.22-1.mga5.x86_64.rpm
mariadb-mroonga-10.0.22-1.mga5.x86_64.rpm
mariadb-obsolete-10.0.22-1.mga5.x86_64.rpm
mariadb-oqgraph-10.0.22-1.mga5.x86_64.rpm
mariadb-sequence-10.0.22-1.mga5.x86_64.rpm
mariadb-sphinx-10.0.22-1.mga5.x86_64.rpm
mariadb-spider-10.0.22-1.mga5.x86_64.rpm
mysql-MariaDB-10.0.22-1.mga5.x86_64.rpm
CC: (none) => alien
Assignee: alien => qa-bugs
MGA5-32 on Acer D620 Xfce.
No installation issues.
Could connect with phpMyAdmin and create and delete a table, all OK.
Could create a first time mediawiki, all seems OK.
CC: (none) => herman.viaene
Whiteboard: advisory => advisory MGA5-32-OK
Installed on Dell Dimension E310, P4 processor, Intel graphics, on both 64-bit and 32-bit Mageia installs. Installed at the same time as the packages from Bug #17126 and Bug #17129. Only action done was to see if the packages presented in Mageia Update installed correctly, and that the system seemed to work after a reboot. No issues seen on either install.
CC: (none) => andrewsfarm
Homemade computer, ASRock motherboard, Athlon X2 7750 processor, 8GB RAM, ATI on-board graphics. Installed updates on both 64-bit and 32-bit Mageia installs, as in Comment 6. No issues seen on either install.
Validating.
Keywords: (none) => validated_update
Whiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0445.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED