Upstream has released MariaDB 10.1.26 on August 10: https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/ It fixes some security issues. Advisory: ======================== Updated mariadb packages fix security vulnerabilities: Easily exploitable vulnerability in MariaDB Server allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MariaDB Server (CVE-2017-3636). Easily exploitable vulnerability in MariaDB Server allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2017-3641). Difficult to exploit vulnerability in MariaDB Server allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2017-3653). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653 https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/ https://mariadb.com/kb/en/mariadb-10126-changelog/ ======================== Updated packages in core/updates_testing: ======================== mariadb-10.1.26-1.mga6 mysql-MariaDB-10.1.26-1.mga6 mariadb-cassandra-10.1.26-1.mga6 mariadb-feedback-10.1.26-1.mga6 mariadb-connect-10.1.26-1.mga6 mariadb-sphinx-10.1.26-1.mga6 mariadb-mroonga-10.1.26-1.mga6 mariadb-sequence-10.1.26-1.mga6 mariadb-spider-10.1.26-1.mga6 mariadb-extra-10.1.26-1.mga6 mariadb-obsolete-10.1.26-1.mga6 mariadb-core-10.1.26-1.mga6 mariadb-common-core-10.1.26-1.mga6 mariadb-common-10.1.26-1.mga6 mariadb-client-10.1.26-1.mga6 mariadb-bench-10.1.26-1.mga6 libmariadb18-10.1.26-1.mga6 libmariadb-devel-10.1.26-1.mga6 libmariadb-embedded18-10.1.26-1.mga6 libmariadb-embedded-devel-10.1.26-1.mga6 from mariadb-10.1.26-1.mga6.src.rpm
MGA6-32 on Asus A6000VM MATE No installation issues. Used phpmyadmin to connect, drop previous test database, create new one, create table into it and insert data. All OK.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
In VirtualBox, M6, KDE, 64-bit I'm getting a curl error trying to install mariadb Package(s) under test: mariadb default install of mariadb [root@localhost wilcal]# urpmi mariadb To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "core64_updates") mariadb 10.1.25 1.mga6 x86_64 mariadb-extra 10.1.25 1.mga6 x86_64 (recommended) mariadb-feedback 10.1.25 1.mga6 x86_64 (recommended) 749KB of additional disk space will be used. 282KB of packages will be retrieved. Proceed with the installation of the 3 packages? (Y/n) y http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-10.1.25-1.mga6.x86_64.rpm http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-extra-10.1.25-1.mga6.x86_64.rpm http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-feedback-10.1.25-1.mga6.x86_64.rpm ...retrieving failed: curl failed: exited with 7 Installation failed, some files are missing: http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-extra-10.1.25-1.mga6.x86_64.rpm http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-10.1.25-1.mga6.x86_64.rpm http://192.168.1.2:8080/~mageia/distrib/6/x86_64/media/core/updates/mariadb-feedback-10.1.25-1.mga6.x86_64.rpm You may need to update your urpmi database. Yes, I updated the database.
CC: (none) => wilcal.int
Situation as I described in Comment 2 continues 24hours later.
(In reply to William Kenney from comment #3) > Situation as I described in Comment 2 continues 24hours later. This update is 10.1.26 and is in updates_testing. I guess you didn't enable it.
(In reply to David Walser from comment #4) > (In reply to William Kenney from comment #3) > > Situation as I described in Comment 2 continues 24hours later. > > This update is 10.1.26 and is in updates_testing. I guess you didn't enable > it. Would be nice. This situation is occurring just trying to install the present version of mariadb.
(In reply to William Kenney from comment #5) > > Would be nice. This situation is occurring just trying to install the > present version of mariadb. Looking at you urls: " http://192.168.1.2:8080/..." you are using urpmi-proxy (or another proxy) that is failing you... the rpms are there on the online mirrors
CC: (none) => tmb
Rats, sorry all my bad, it's been a bad week here network-wise. Back at this when I get things sorted out.
What am I doing wrong here to set the password now: [root@localhost wilcal]# systemctl start mysqld.service [root@localhost wilcal]# mysqladmin flush-privileges password testmariadb mysqladmin: You cannot use 'password' command as mysqld runs with grant tables disabled (was started with --skip-grant-tables). Use: "mysqladmin flush-privileges password '*'" instead [root@localhost wilcal]# mysqladmin flush-privileges password 'testmariadb' mysqladmin: You cannot use 'password' command as mysqld runs with grant tables disabled (was started with --skip-grant-tables). Use: "mysqladmin flush-privileges password '*'" instead
The only way I've found is to run mysql_secure_installation, just pressing enter at each question except the new root password. That script runs ... UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root'; using a config file to avoid having the password show on the command line in log files. Using mysqladmin no longer seems to work. This will require at a minimum, updating the readme.
Whiteboard: MGA6-32-OK => MGA6-32-OK feedbackCC: (none) => davidwhodgins
Grrrr, that's what I raised as an issue in QA-discuss last week, with the fact that at least two people have documented this in a wiki, but no one finds those things........
Unfortunately thus package doesn't have an active maintainer to take care of such things. If someone can provide me an updated README I can include it in the next update.
Whiteboard: MGA6-32-OK feedback => MGA6-32-OK
Testing M6/64 BEFORE update: lib64mariadb18-10.1.25-1.mga6 mariadb-10.1.25-1.mga6 mariadb-client-10.1.25-1.mga6 mariadb-common-10.1.25-1.mga6 mariadb-common-core-10.1.25-1.mga6 mariadb-core-10.1.25-1.mga6 mariadb-extra-10.1.25-1.mga6 mariadb-feedback-10.1.25-1.mga6 which worked with PHPmysql & Cacti. UPDATED to: lib64mariadb18-10.1.26-1.mga6 mariadb-10.1.26-1.mga6 mariadb-client-10.1.26-1.mga6 mariadb-common-10.1.26-1.mga6 mariadb-common-core-10.1.26-1.mga6 mariadb-core-10.1.26-1.mga6 mariadb-extra-10.1.26-1.mga6 mariadb-feedback-10.1.26-1.mga6 to try tomorrow...
CC: (none) => lewyssmith
Testing M6/64 cont. I had also tried what follows pre-update. Using the update, played with Cacti (using MariaDB) which behaved as previously, trying many actions; with no templates it collects & displays nothing, but otherwise works all round. PHPmysql: created a database, 1 table, 4 different columns. Added data to 2 rows, but could *not* edit these because of a lack of a unique or primary key. Trying to establish the 1st integer column as a a unique field or primary key drove me mad, it always complained of duplicate something. But it had done this before the update. Lack of my knowhow. Emptied then deleted the table, then the database. Looks OK, validating, adding advisory ex Comment 0 - rigorously scrutinised.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK advisoryKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Moving 'advisory' from whiteboard to keywords now that madb has been updated to handle that keyword.
Keywords: (none) => advisoryWhiteboard: MGA6-32-OK MGA6-64-OK advisory => MGA6-32-OK MGA6-64-OK
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0332.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED