MariaDB has released version 10.0.30 on March 8: https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/ It fixes at least two security issues. Update checked into Mageia 5 SVN.
Blocks: (none) => 20275
CC: (none) => marja11Assignee: bugsquad => alien
Updated package uploaded for Mageia 5. Note that Bug 20275 is also fixed. Advisory: ======================== Updated mariadb packages fix security vulnerabilities: Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 (CVE-2017-3302). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: MyISAM). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MariaDB Server accessible data (CVE-2017-3313). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313 https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/ ======================== Updated packages in core/updates_testing: ======================== mariadb-10.0.30-1.mga5 mysql-MariaDB-10.0.30-1.mga5 mariadb-cassandra-10.0.30-1.mga5 mariadb-feedback-10.0.30-1.mga5 mariadb-oqgraph-10.0.30-1.mga5 mariadb-connect-10.0.30-1.mga5 mariadb-sphinx-10.0.30-1.mga5 mariadb-mroonga-10.0.30-1.mga5 mariadb-sequence-10.0.30-1.mga5 mariadb-spider-10.0.30-1.mga5 mariadb-extra-10.0.30-1.mga5 mariadb-obsolete-10.0.30-1.mga5 mariadb-core-10.0.30-1.mga5 mariadb-common-core-10.0.30-1.mga5 mariadb-common-10.0.30-1.mga5 mariadb-client-10.0.30-1.mga5 mariadb-bench-10.0.30-1.mga5 libmariadb18-10.0.30-1.mga5 libmariadb-devel-10.0.30-1.mga5 libmariadb-embedded18-10.0.30-1.mga5 libmariadb-embedded-devel-10.0.30-1.mga5 from mariadb-10.0.30-1.mga5.src.rpm
Assignee: alien => qa-bugs
Debian has issued an advisory for this on March 14: https://www.debian.org/security/2017/dsa-3809
# cd /usr/share/mysql/sql-bench/ # perl run-all-tests --server=mysql --user=root --password=munged --small-test Test completed ok in 491 seconds on my x86_64 Mageia 5 install.
CC: (none) => davidwhodginsWhiteboard: (none) => advisory MGA5-64-OK
Validating the update
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0096.html
Status: NEW => RESOLVEDResolution: (none) => FIXED