MariaDB 10.0.27 has been released on August 25:
https://mariadb.com/kb/en/mariadb-10027-release-notes/

Updated package uploaded for Mageia 5.

Advisory:
----------------------------------------

This is a maintenance and bugfix release that upgrades MariaDB to the latest 10.0.27 version which resolves various upstream bugs.

References:
https://mariadb.com/kb/en/mariadb-10027-release-notes/
https://mariadb.com/kb/en/mariadb-10027-changelog/
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
mariadb-10.0.27-1.mga5
mysql-MariaDB-10.0.27-1.mga5
mariadb-cassandra-10.0.27-1.mga5
mariadb-feedback-10.0.27-1.mga5
mariadb-oqgraph-10.0.27-1.mga5
mariadb-connect-10.0.27-1.mga5
mariadb-sphinx-10.0.27-1.mga5
mariadb-mroonga-10.0.27-1.mga5
mariadb-sequence-10.0.27-1.mga5
mariadb-spider-10.0.27-1.mga5
mariadb-extra-10.0.27-1.mga5
mariadb-obsolete-10.0.27-1.mga5
mariadb-core-10.0.27-1.mga5
mariadb-common-core-10.0.27-1.mga5
mariadb-common-10.0.27-1.mga5
mariadb-client-10.0.27-1.mga5
mariadb-bench-10.0.27-1.mga5
libmariadb18-10.0.27-1.mga5
libmariadb-devel-10.0.27-1.mga5
libmariadb-embedded18-10.0.27-1.mga5
libmariadb-embedded-devel-10.0.27-1.mga5

from mariadb-10.0.27-1.mga5.src.rpm

Tested on Mageia 5 i586 and x86_64 (basic testing only).
Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
A security issue fixed in this update was disclosed today:
http://openwall.com/lists/oss-security/2016/09/12/4

Please update the advisory in SVN.

Advisory:
========================

Updated mariadb packages fix security vulnerability:

MariaDB before 10.0.27 allowed a malicious user to create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql (or even root) user (CVE-2016-6662).

The mariadb package has been updated to version 10.0.27. It fixes this issue and other bugs. See the upstream release notes for details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662
https://mariadb.com/kb/en/mariadb-10027-release-notes/
https://mariadb.com/kb/en/mariadb-10027-changelog/

Component: RPM Packages => Security
QA Contact: (none) => security
Whiteboard: MGA5-64-OK MGA5-32-OK advisory => MGA5-64-OK MGA5-32-OK
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
URL: (none) => http://lwn.net/Vulnerabilities/700651/
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGAA-2016-0113.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CVE-2016-5630 and CVE-2016-5612 also fixed in this update.

LWN reference for CVE-2016-5630:
http://lwn.net/Vulnerabilities/706021/

CVE-2016-5612 is on this one with other issues mostly fixed in 10.0.28:
http://lwn.net/Vulnerabilities/705211/