Upstream has released MariaDB 10.1.30 on December 23: https://mariadb.org/mariadb-10-1-30-mariadb-connector-c-2-3-4-now-available/ According to the release notes, it fixes CVE-2017-15365: https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
Assigning to mjack and CC'ing mkraemer, I hope they're willing to help again with mariadb. Also CC'ing the registerd maintainer of mariadb
CC: (none) => alien, mageia, marja11Assignee: bugsquad => jackal.j
Assignee: jackal.j => mageia
Updated package uploaded for Mageia 6. Advisory: ======================== Updated mariadb package to 10.1.30 fixes security vulnerability: It was discovered that mariadb contained a security vulnerability (CVE-2017-15365). This update fixes a few more bugs on the InnoDB Engine. References: https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365 Updated packages in core/updates_testing: ======================== lib64mariadb18-10.1.30-1.mga6 lib64mariadb-devel-10.1.30-1.mga6 lib64mariadb-embedded18-10.1.30-1.mga6 lib64mariadb-embedded-devel-10.1.30-1.mga6 mariadb-10.1.30-1.mga6 mariadb-bench-10.1.30-1.mga6 mariadb-cassandra-10.1.30-1.mga6 mariadb-client-10.1.30-1.mga6 mariadb-common-10.1.30-1.mga6 mariadb-common-core-10.1.30-1.mga6 mariadb-connect-10.1.30-1.mga6 mariadb-core-10.1.30-1.mga6 mariadb-debuginfo-10.1.30-1.mga6 mariadb-extra-10.1.30-1.mga6 mariadb-feedback-10.1.30-1.mga6 mariadb-mroonga-10.1.30-1.mga6 mariadb-obsolete-10.1.30-1.mga6 mariadb-sequence-10.1.30-1.mga6 mariadb-sphinx-10.1.30-1.mga6 mariadb-spider-10.1.30-1.mga6 mysql-MariaDB-10.1.30-1.mga6 form SRPM: mariadb-10.1.30-1.mga6.src.rpm
Assignee: mageia => qa-bugs
An apology to AL13N, I wasn't aware he's available again 2018:01:16:17:02 < AL13N> marja: i'm testbuilding mariadb for mga6 locally atm, i'll submit to updates_testing when it's ok 2018:01:16:17:03 < AL13N> (takes a while) From now on, I'll assign new mariadb bug reports to him again.
I was just helping, I'm fine if someone else does mariadb :-)
QA Contact: (none) => securityComponent: RPM Packages => Security
MGA6-32 on Dell Latitude D600 Mate No installation issues At CLI as root: # systemctl start mysqld # mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! ..... Set root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] n ... skipping. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] n ... skipping. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! Then started phpmyadmin, created new database, new table with 4 columns of different datatypes (int, varchar, timestamp) all OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Installed and tested without issues. Tests included a days work and some extra tests running: - PHP scripts that use a DB in MariaDB; - applications using the Qt5 MySQL plugin (lib64qt5-database-plugin-mysql-5.6.2-11.mga6); - SQL scripts, some quite complex/heavy; - MySQL Workbench; - /usr/bin/mysql_client_test. System: Mageia 6, x86_64, Intel CPU. $ uname -a Linux marte 4.14.13-desktop-1.mga6 #1 SMP Wed Jan 10 12:48:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep mariadb | sort lib64mariadb18-10.1.30-1.mga6 lib64mariadb-embedded18-10.1.30-1.mga6 mariadb-10.1.30-1.mga6 mariadb-bench-10.1.30-1.mga6 mariadb-client-10.1.30-1.mga6 mariadb-common-10.1.30-1.mga6 mariadb-common-core-10.1.30-1.mga6 mariadb-core-10.1.30-1.mga6 mariadb-extra-10.1.30-1.mga6 mariadb-feedback-10.1.30-1.mga6 $ mysql_upgrade -p --skip-write-binlog Enter password: Phase 1/7: Checking and upgrading mysql database Processing databases <SNIP - ALL OK> Phase 2/7: Installing used storage engines Checking for tables with unknown storage engine Phase 3/7: Fixing views Phase 4/7: Running 'mysql_fix_privilege_tables' Phase 5/7: Fixing table and database names Phase 6/7: Checking and upgrading tables Processing databases <SNIP - ALL OK> Phase 7/7: Running 'FLUSH PRIVILEGES' OK $ /usr/bin/mysql_client_test -p <SNIP LOTS OF OUTPUT - NO ERRORS>
CC: (none) => mageiaWhiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0088.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED