Upstream has released MariaDB 10.0.34 and 10.1.31 on January 30 and February 7:
https://mariadb.org/mariadb-10-0-34-now-available/
https://mariadb.org/mariadb-10-1-31-mariadb-galera-cluster-10-0-34-now-available/

They fix six new security issues:
https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/

which come from the latest Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Whiteboard: (none) => MGA5TOO
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
========================

Updated packages in core/updates_testing:
========================
mariadb-10.0.34-1.mga5
mysql-MariaDB-10.0.34-1.mga5
mariadb-cassandra-10.0.34-1.mga5
mariadb-feedback-10.0.34-1.mga5
mariadb-oqgraph-10.0.34-1.mga5
mariadb-connect-10.0.34-1.mga5
mariadb-sphinx-10.0.34-1.mga5
mariadb-mroonga-10.0.34-1.mga5
mariadb-sequence-10.0.34-1.mga5
mariadb-spider-10.0.34-1.mga5
mariadb-extra-10.0.34-1.mga5
mariadb-obsolete-10.0.34-1.mga5
mariadb-core-10.0.34-1.mga5
mariadb-common-core-10.0.34-1.mga5
mariadb-common-10.0.34-1.mga5
mariadb-client-10.0.34-1.mga5
mariadb-bench-10.0.34-1.mga5
libmariadb18-10.0.34-1.mga5
libmariadb-devel-10.0.34-1.mga5
libmariadb-embedded18-10.0.34-1.mga5
libmariadb-embedded-devel-10.0.34-1.mga5
mariadb-10.1.31-1.mga6
mysql-MariaDB-10.1.31-1.mga6
mariadb-cassandra-10.1.31-1.mga6
mariadb-feedback-10.1.31-1.mga6
mariadb-connect-10.1.31-1.mga6
mariadb-sphinx-10.1.31-1.mga6
mariadb-mroonga-10.1.31-1.mga6
mariadb-sequence-10.1.31-1.mga6
mariadb-spider-10.1.31-1.mga6
mariadb-extra-10.1.31-1.mga6
mariadb-obsolete-10.1.31-1.mga6
mariadb-core-10.1.31-1.mga6
mariadb-common-core-10.1.31-1.mga6
mariadb-common-10.1.31-1.mga6
mariadb-client-10.1.31-1.mga6
mariadb-bench-10.1.31-1.mga6
libmariadb18-10.1.31-1.mga6
libmariadb-devel-10.1.31-1.mga6
libmariadb-embedded18-10.1.31-1.mga6
libmariadb-embedded-devel-10.1.31-1.mga6

from SRPMS:
mariadb-10.0.34-1.mga5.src.rpm
mariadb-10.1.31-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
So of course the Mageia 6 build failed because of tests.

Failing test(s): plugins.feedback_plugin_install main.ssl_8k_key

Moving Mageia 5 to another bug (Bug 22608).
Assignee: qa-bugs => pkg-bugs
Whiteboard: MGA5TOO => (none)
Source RPM: mariadb => mariadb-10.1.31-1.mga6.src.rpm
CC: (none) => qa-bugs
The Cauldron update to 10.2.13 also failed with failed tests.

Completed: Failed 77/4139 tests, 98.14% were successful.

Failing test(s): plugins.feedback_plugin_install unit.aes unit.base64 unit.bitmap unit.conc_async unit.conc_bulk1 unit.conc_charset unit.conc_connection unit.conc_cursor unit.conc_dyncol unit.conc_errors unit.conc_features-10_2 unit.conc_fetch unit.conc_logs unit.conc_performance unit.conc_ps unit.conc_ps_new unit.conc_result unit.conc_sp unit.conc_sqlite3 unit.conc_thread unit.conc_view unit.dynstring unit.ed25519 unit.explain_filename unit.json_lib unit.ma_control_file unit.ma_dyncol unit.ma_pagecache_consist_1k unit.ma_pagecache_consist_1kHC unit.ma_pagecache_consist_1kRD unit.ma_pagecache_consist_1kWR unit.ma_pagecache_consist_64k unit.ma_pagecache_consist_64kHC unit.ma_pagecache_consist_64kRD unit.ma_pagecache_consist_64kWR unit.ma_pagecache_rwconsist2_1k unit.ma_pagecache_rwconsist_1k unit.ma_pagecache_single_1k unit.ma_pagecache_single_64k unit.ma_pagecache_single_8k unit.ma_test_loghandler unit.ma_test_loghandler_first_lsn unit.ma_test_loghandler_long unit.ma_test_loghandler_max_lsn unit.ma_test_loghandler_multigroup unit.ma_test_loghandler_multithread unit.ma_test_loghandler_noflush unit.ma_test_loghandler_nologs unit.ma_test_loghandler_pagecache unit.ma_test_loghandler_purge unit.ma_test_loghandler_readonly unit.mf_iocache unit.my_apc unit.my_atomic unit.my_decimal unit.my_getopt unit.my_malloc unit.my_rdtsc unit.my_vsnprintf unit.no_plan unit.pfs unit.pfs_account-oom unit.pfs_host-oom unit.pfs_instr unit.pfs_instr-oom unit.pfs_instr_class unit.pfs_instr_class-oom unit.pfs_misc unit.pfs_timer unit.pfs_user-oom unit.simple unit.skip unit.skip_all unit.strings unit.todo unit.trnman
Status comment: (none) => Builds but tests fail
Fedora has issued an advisory for this on March 13: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T65FVF6ZB7TDQZX6X2MWO2CDVBRG3TQE/
@David: we just should disable feedback_plugin. This is just an optional plugin which is not really needed. Since this plugin submits information to MariaDB.org, I've never heard of anybody really enabling this plugin.
CC: (none) => mageia
Upstream has released MariaDB 10.1.32 on March 27:
https://mariadb.org/mariadb-10-2-14-mariadb-10-1-32-and-mariadb-connector-j-2-2-3-and-1-7-3-now-available/

So far only bug fixes are listed, but security fixes may be announced later:
https://mariadb.com/kb/en/library/mariadb-10132-release-notes/

Fedora has something in their package to skip more tests, which we may need.
The new versions also fail:
http://pkgsubmit.mageia.org/uploads/failure/6/core/updates_testing/20180331154013.luigiwalser.duvel.34853/log/mariadb-10.1.32-1.mga6/build.0.20180331154259.log
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20180331153955.luigiwalser.duvel.33842/log/mariadb-10.2.14-1.mga7/build.0.20180331154009.log

mga6:
Failing test(s): plugins.feedback_plugin_install main.ssl_8k_key

cauldron:
Failing test(s): plugins.feedback_plugin_install unit.aes unit.base64 unit.bitmap unit.conc_async unit.conc_bulk1 unit.conc_charset unit.conc_connection unit.conc_cursor unit.conc_dyncol unit.conc_errors unit.conc_features-10_2 unit.conc_fetch unit.conc_logs unit.conc_performance unit.conc_ps unit.conc_ps_new unit.conc_result unit.conc_sp unit.conc_thread unit.conc_view unit.dynstring unit.ed25519 unit.explain_filename unit.json_lib unit.ma_control_file unit.ma_dyncol unit.ma_pagecache_consist_1k unit.ma_pagecache_consist_1kHC unit.ma_pagecache_consist_1kRD unit.ma_pagecache_consist_1kWR unit.ma_pagecache_consist_64k unit.ma_pagecache_consist_64kHC unit.ma_pagecache_consist_64kRD unit.ma_pagecache_consist_64kWR unit.ma_pagecache_rwconsist2_1k unit.ma_pagecache_rwconsist_1k unit.ma_pagecache_single_1k unit.ma_pagecache_single_64k unit.ma_pagecache_single_8k unit.ma_test_loghandler unit.ma_test_loghandler_first_lsn unit.ma_test_loghandler_long unit.ma_test_loghandler_max_lsn unit.ma_test_loghandler_multigroup unit.ma_test_loghandler_multithread unit.ma_test_loghandler_noflush unit.ma_test_loghandler_nologs unit.ma_test_loghandler_pagecache unit.ma_test_loghandler_purge unit.ma_test_loghandler_readonly unit.mf_iocache unit.my_apc unit.my_decimal unit.my_getopt unit.my_malloc unit.my_rdtsc unit.my_vsnprintf unit.no_plan unit.pfs unit.pfs_account-oom unit.pfs_host-oom unit.pfs_instr unit.pfs_instr-oom unit.pfs_instr_class unit.pfs_instr_class-oom unit.pfs_misc unit.pfs_timer unit.pfs_user-oom unit.simple unit.skip unit.skip_all unit.strings unit.todo unit.trnman

Fedora has issued an advisory for this on March 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WGASEFKGW33FB2YZIKFWIQARZK66FUCX/
Looks like this here too:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1419262

Still, just disable this test and we're fine.
Cauldron build fixed by Jani.
CC: (none) => jani.valimaa
Fedora advisory for 10.1.32 from today (April 2): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3CITF3U4DJXAQM7LYPYI4BF7CGXJG22I/
MariaDB 10.1.33 has been released on May 9, with several more security fixes:
https://mariadb.org/mariadb-10-1-33-and-mariadb-galera-cluster-10-0-35-now-available/
https://mariadb.com/kb/en/library/mariadb-10133-release-notes/

Cauldron should also be updated to 10.2.15, released on May 17:
https://mariadb.org/mariadb-10-2-15-and-mariadb-connector-j-2-2-4-now-available/
https://mariadb.com/kb/en/library/mariadb-10215-release-notes/

Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
Assignee: pkg-bugs => mageia
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
========================

Updated packages in core/updates_testing:
========================
mariadb-10.1.33-1.mga6
mysql-MariaDB-10.1.33-1.mga6
mariadb-cassandra-10.1.33-1.mga6
mariadb-feedback-10.1.33-1.mga6
mariadb-connect-10.1.33-1.mga6
mariadb-sphinx-10.1.33-1.mga6
mariadb-mroonga-10.1.33-1.mga6
mariadb-sequence-10.1.33-1.mga6
mariadb-spider-10.1.33-1.mga6
mariadb-extra-10.1.33-1.mga6
mariadb-obsolete-10.1.33-1.mga6
mariadb-core-10.1.33-1.mga6
mariadb-common-core-10.1.33-1.mga6
mariadb-common-10.1.33-1.mga6
mariadb-client-10.1.33-1.mga6
mariadb-bench-10.1.33-1.mga6
libmariadb18-10.1.33-1.mga6
libmariadb-devel-10.1.33-1.mga6
libmariadb-embedded18-10.1.33-1.mga6
libmariadb-embedded-devel-10.1.33-1.mga6

from SRPMS:
mariadb-10.1.31-1.mga6.src.rpm
Assignee: mageia => qa-bugs
Status comment: Builds but tests fail => (none)
In VirtualBox, M6, MATE, 32-bit

Create mariadb/mysql db PW: mytest
in root terminal: systemctl start mysqld.service
in root terminal: mysql_secure_installation
At the first prompt for password just press Enter, there is no password yet.
Then follow the prompts to define a new password ( mytest ) and a few more settings that are just (Enter) for default settings.

Package(s) under test:
mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin

default install of mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin

I reboot at this point

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.1.30-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-1.mga6.noarch is already installed

In Firefox http://localhost/phpmyadmin opens with user: root pw: mytest
sets up correctly and I can create a database, test01, and is usable and can be modified.
I can exit phpmyadmin, reopen phpmyadmin and reopen db test01.

install mariadb libmariadb-embedded18 libmariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin from updates_testing

The following 10 packages are going to be installed:

- libmariadb-embedded18-10.1.33-1.mga6.i586
- libmariadb18-10.1.33-1.mga6.i586
- mariadb-10.1.33-1.mga6.i586
- mariadb-bench-10.1.33-1.mga6.i586
- mariadb-client-10.1.33-1.mga6.i586
- mariadb-common-10.1.33-1.mga6.i586
- mariadb-common-core-10.1.33-1.mga6.i586
- mariadb-core-10.1.33-1.mga6.i586
- mariadb-extra-10.1.33-1.mga6.i586
- mariadb-feedback-10.1.33-1.mga6.i586

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb-embedded18
Package libmariadb-embedded18-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libmariadb18
Package libmariadb18-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.8.0.1-1.mga6.noarch is already installed

All packages update cleanly

In Firefox http://localhost/phpmyadmin opens with user: root pw: mytest
I can reopen database test01 and is usable and can be modified.
I can create a new database test02 and is usable and can be modified.
CC: (none) => wilcal.int
In VirtualBox, M6, MATE, 64-bit

Create mariadb/mysql db PW: mytest
in root terminal: systemctl start mysqld.service
in root terminal: mysql_secure_installation
At the first prompt for password just press Enter, there is no password yet.
Then follow the prompts to define a new password ( mytest ) and a few more settings that are just (Enter) for default settings.

Package(s) under test:
mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin

default install of mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin

I reboot at this point

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb-embedded18
Package lib64mariadb-embedded18-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.1.30-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-1.mga6.noarch is already installed

In Firefox http://localhost/phpmyadmin opens with user: root pw: mytest
sets up correctly and I can create a database, test01, and is usable and can be modified.
I can exit phpmyadmin, reopen phpmyadmin and reopen db test01.

install mariadb lib64mariadb-embedded18 lib64mariadb18 mariadb-bench mariadb-client mariadb-common mariadb-common-core mariadb-core mariadb-extra phpmyadmin from updates_testing

The following 11 packages are going to be installed:

- lib64mariadb-embedded18-10.1.33-1.mga6.x86_64
- lib64mariadb18-10.1.33-1.mga6.x86_64
- mariadb-10.1.33-1.mga6.x86_64
- mariadb-bench-10.1.33-1.mga6.x86_64
- mariadb-client-10.1.33-1.mga6.x86_64
- mariadb-common-10.1.33-1.mga6.x86_64
- mariadb-common-core-10.1.33-1.mga6.x86_64
- mariadb-core-10.1.33-1.mga6.x86_64
- mariadb-extra-10.1.33-1.mga6.x86_64
- mariadb-feedback-10.1.33-1.mga6.x86_64
- phpmyadmin-4.8.0.1-1.mga6.noarch

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb-embedded18
Package lib64mariadb-embedded18-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64mariadb18
Package lib64mariadb18-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-bench
Package mariadb-bench-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-client
Package mariadb-client-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common
Package mariadb-common-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-common-core
Package mariadb-common-core-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-core
Package mariadb-core-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi mariadb-extra
Package mariadb-extra-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.8.0.1-1.mga6.noarch is already installed

All packages update cleanly

In Firefox http://localhost/phpmyadmin opens with user: root pw: mytest
I can reopen database test01 and is usable and can be modified.
I can create a new database test02 and is usable and can be modified.
I'm going to validate this in 24 hours unless someone else wants to do some additional testing.
Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
Corrected advisory.

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MariaDB Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MariaDB Server (CVE-2018-2755).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Client programs). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2761).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2766).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Locking). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2771).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2781).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2782).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2784).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2787).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MariaDB Server accessible data (CVE-2018-2813).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2817).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2819).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/
https://mariadb.com/kb/en/library/mariadb-10132-release-notes/
https://mariadb.com/kb/en/library/mariadb-10133-release-notes/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source RPM: mariadb-10.1.31-1.mga6.src.rpm => mariadb-10.1.30-1.mga6.src.rpm
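Added example (not part of the bug report or of Mageia's tooling): every paragraph of the advisory above follows one sentence template, so it can be parsed into fields for patch triage. The field names, the C/I/A mapping and the triage ordering are assumptions of this example; the sample text is four paragraphs excerpted from the advisory.

```python
import re
from dataclasses import dataclass

# Sentence template shared by every entry in the advisory text.
ENTRY_RE = re.compile(
    r"Vulnerability in the MariaDB Server component of MariaDB "
    r"\(subcomponent: (?P<subcomponent>[^)]+)\)\. "
    r"(?P<complexity>Easily exploitable|Difficult to exploit) vulnerability allows "
    r"(?P<privilege>unauthenticated|low privileged|high privileged) attacker with "
    r"(?P<access>[^.]+?) to compromise MariaDB Server\. "
    r"(?P<impact>.+?) \((?P<cve>CVE-\d{4}-\d+)\)\."
)

# Impact phrases as worded in the advisory, mapped to C/I/A letters (example's mapping).
IMPACT_PHRASES = {
    "read access": "C",
    "update, insert or delete access": "I",
    "creation, deletion or modification access": "I",
    "hang or frequently repeatable crash": "A",
}
PRIVILEGE_RANK = {"unauthenticated": 0, "low privileged": 1, "high privileged": 2}


@dataclass(frozen=True)
class Entry:
    cve: str
    subcomponent: str
    easy: bool
    privilege: str
    network: bool
    user_interaction: bool
    impact: str  # subset of "CIA", kept in that order


def parse_advisory(text):
    """Return one Entry per templated paragraph found in text."""
    flat = " ".join(text.split())  # undo line wrapping before matching
    entries = []
    for m in ENTRY_RE.finditer(flat):
        impact = m["impact"]
        if "takeover" in impact:
            letters = set("CIA")
        else:
            letters = {v for k, v in IMPACT_PHRASES.items() if k in impact}
        entries.append(Entry(
            cve=m["cve"],
            subcomponent=m["subcomponent"],
            easy=m["complexity"] == "Easily exploitable",
            privilege=m["privilege"],
            network=m["access"].startswith("network access"),
            user_interaction="require human interaction" in impact,
            impact="".join(c for c in "CIA" if c in letters),
        ))
    return entries


def triage(entries):
    """Review order (this example's assumption, not CVSS): remote bugs that need
    no user interaction first, then lower required privilege, then easy ones."""
    return sorted(entries, key=lambda e: (
        not (e.network and not e.user_interaction),
        PRIVILEGE_RANK[e.privilege],
        not e.easy,
        e.cve,
    ))


# Four paragraphs excerpted from the advisory text above (re-wrapped only).
SAMPLE = """
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition).
Easily exploitable vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB
Server as well as unauthorized update, insert or delete access to some of MariaDB Server
accessible data (CVE-2018-2562).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable
vulnerability allows high privileged attacker with network access via multiple protocols to
compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized
creation, deletion or modification access to critical data or all MariaDB Server accessible data
and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB
Server (CVE-2018-2612).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication).
Difficult to exploit vulnerability allows unauthenticated attacker with logon to the
infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks
require human interaction from a person other than the attacker and while the vulnerability is in
MariaDB Server, attacks may significantly impact additional products. Successful attacks of this
vulnerability can result in takeover of MariaDB Server (CVE-2018-2755).
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily
exploitable vulnerability allows low privileged attacker with network access via multiple
protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of MariaDB Server accessible data (CVE-2018-2813).
"""

if __name__ == "__main__":
    for e in triage(parse_advisory(SAMPLE)):
        print(e.cve, e.subcomponent, e.privilege, "net" if e.network else "local", e.impact)
```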
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded with srpm mariadb-10.1.33-1.mga6 from Bill's tests.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0269.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED