Bug 20487 - mariadb 10.0.30
Summary: mariadb 10.0.30
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks: 20275
  Show dependency treegraph
 
Reported: 2017-03-15 01:58 CET by David Walser
Modified: 2017-03-31 08:15 CEST (History)
3 users (show)

See Also:
Source RPM: mariadb-10.0.29-1.3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-03-15 01:58:53 CET 
MariaDB has released version 10.0.30 on March 8:
https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/

It fixes at least two security issues.

Update checked into Mageia 5 SVN.
David Walser 2017-03-15 01:59:13 CET

Blocks: (none) => 20275

Marja Van Waes 2017-03-15 12:28:07 CET

CC: (none) => marja11
Assignee: bugsquad => alien

Comment 1 David Walser 2017-03-16 11:13:18 CET 
Updated package uploaded for Mageia 5.  Note that Bug 20275 is also fixed.

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29 (CVE-2017-3302).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
MyISAM). Difficult to exploit vulnerability allows low privileged attacker with
logon to the infrastructure where MariaDB Server executes to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MariaDB Server accessible data
(CVE-2017-3313).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313
https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/
========================

Updated packages in core/updates_testing:
========================
mariadb-10.0.30-1.mga5
mysql-MariaDB-10.0.30-1.mga5
mariadb-cassandra-10.0.30-1.mga5
mariadb-feedback-10.0.30-1.mga5
mariadb-oqgraph-10.0.30-1.mga5
mariadb-connect-10.0.30-1.mga5
mariadb-sphinx-10.0.30-1.mga5
mariadb-mroonga-10.0.30-1.mga5
mariadb-sequence-10.0.30-1.mga5
mariadb-spider-10.0.30-1.mga5
mariadb-extra-10.0.30-1.mga5
mariadb-obsolete-10.0.30-1.mga5
mariadb-core-10.0.30-1.mga5
mariadb-common-core-10.0.30-1.mga5
mariadb-common-10.0.30-1.mga5
mariadb-client-10.0.30-1.mga5
mariadb-bench-10.0.30-1.mga5
libmariadb18-10.0.30-1.mga5
libmariadb-devel-10.0.30-1.mga5
libmariadb-embedded18-10.0.30-1.mga5
libmariadb-embedded-devel-10.0.30-1.mga5

from mariadb-10.0.30-1.mga5.src.rpm

Assignee: alien => qa-bugs

Comment 2 David Walser 2017-03-16 14:27:45 CET 
Debian has issued an advisory for this on March 14:
https://www.debian.org/security/2017/dsa-3809
Comment 3 Dave Hodgins 2017-03-17 02:05:42 CET 
# cd /usr/share/mysql/sql-bench/
# perl run-all-tests --server=mysql --user=root --password=munged --small-test

Test completed ok in 491 seconds on my x86_64 Mageia 5 install.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory MGA5-64-OK

Comment 4 Dave Hodgins 2017-03-31 06:43:46 CEST 
Validating the update

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2017-03-31 08:15:28 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0096.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.