+++ This bug was initially created as a clone of Bug #22607 +++

Upstream has released MariaDB 10.0.34 and 10.1.31 on January 30 and February 7:
https://mariadb.org/mariadb-10-0-34-now-available/
https://mariadb.org/mariadb-10-1-31-mariadb-galera-cluster-10-0-34-now-available/

They fix six new security issues:
https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/

which come from the latest Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
========================

Updated packages in core/updates_testing:
========================
mariadb-10.0.34-1.mga5
mysql-MariaDB-10.0.34-1.mga5
mariadb-cassandra-10.0.34-1.mga5
mariadb-feedback-10.0.34-1.mga5
mariadb-oqgraph-10.0.34-1.mga5
mariadb-connect-10.0.34-1.mga5
mariadb-sphinx-10.0.34-1.mga5
mariadb-mroonga-10.0.34-1.mga5
mariadb-sequence-10.0.34-1.mga5
mariadb-spider-10.0.34-1.mga5
mariadb-extra-10.0.34-1.mga5
mariadb-obsolete-10.0.34-1.mga5
mariadb-core-10.0.34-1.mga5
mariadb-common-core-10.0.34-1.mga5
mariadb-common-10.0.34-1.mga5
mariadb-client-10.0.34-1.mga5
mariadb-bench-10.0.34-1.mga5
libmariadb18-10.0.34-1.mga5
libmariadb-devel-10.0.34-1.mga5
libmariadb-embedded18-10.0.34-1.mga5
libmariadb-embedded-devel-10.0.34-1.mga5

from mariadb-10.0.34-1.mga5.src.rpm

MGA5-32 on Dell Latitude D600 Xfce
No installation issues. This was an update on an existing previous version.
Using phpmyadmin, I could delete a previous test database, create a new one, create a table and populate it with some data. All OK.
Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene
Advisory committed to svn. Validating the update based on above test.
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0139.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED