Bug 20487 - mariadb 10.0.30
Summary: mariadb 10.0.30
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks: 20275
Reported: 2017-03-15 01:58 CET by David Walser
Modified: 2017-03-31 08:15 CEST

See Also:
Source RPM: mariadb-10.0.29-1.3.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2017-03-15 01:58:53 CET
MariaDB has released version 10.0.30 on March 8:
https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/

It fixes at least two security issues.

Update checked into Mageia 5 SVN.
Comment 1 David Walser 2017-03-16 11:13:18 CET
Updated package uploaded for Mageia 5.  Note that Bug 20275 is also fixed.

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 (CVE-2017-3302).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
MyISAM). Difficult to exploit vulnerability allows low privileged attacker with
logon to the infrastructure where MariaDB Server executes to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MariaDB Server accessible data
(CVE-2017-3313).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313
https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/
========================

Updated packages in core/updates_testing:
========================
mariadb-10.0.30-1.mga5
mysql-MariaDB-10.0.30-1.mga5
mariadb-cassandra-10.0.30-1.mga5
mariadb-feedback-10.0.30-1.mga5
mariadb-oqgraph-10.0.30-1.mga5
mariadb-connect-10.0.30-1.mga5
mariadb-sphinx-10.0.30-1.mga5
mariadb-mroonga-10.0.30-1.mga5
mariadb-sequence-10.0.30-1.mga5
mariadb-spider-10.0.30-1.mga5
mariadb-extra-10.0.30-1.mga5
mariadb-obsolete-10.0.30-1.mga5
mariadb-core-10.0.30-1.mga5
mariadb-common-core-10.0.30-1.mga5
mariadb-common-10.0.30-1.mga5
mariadb-client-10.0.30-1.mga5
mariadb-bench-10.0.30-1.mga5
libmariadb18-10.0.30-1.mga5
libmariadb-devel-10.0.30-1.mga5
libmariadb-embedded18-10.0.30-1.mga5
libmariadb-embedded-devel-10.0.30-1.mga5

from mariadb-10.0.30-1.mga5.src.rpm
Comment 2 David Walser 2017-03-16 14:27:45 CET
Debian has issued an advisory for this on March 14:
https://www.debian.org/security/2017/dsa-3809
Comment 3 Dave Hodgins 2017-03-17 02:05:42 CET
# cd /usr/share/mysql/sql-bench/
# perl run-all-tests --server=mysql --user=root --password=munged --small-test

Test completed ok in 491 seconds on my x86_64 Mageia 5 install.
Comment 4 Dave Hodgins 2017-03-31 06:43:46 CEST
Validating the update
Comment 5 Mageia Robot 2017-03-31 08:15:28 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0096.html
