MariaDB 10.0.35 has been released on May 3, fixing several security issues:
https://mariadb.org/mariadb-10-0-35-mariadb-galera-cluster-5-5-60-and-mariadb-connector-c-3-0-4-now-available/
https://mariadb.com/kb/en/library/mariadb-10035-release-notes/

Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
Assigning to the registered maintainer, because IINM he wants to be active again (I think I've seen him ask for a password reset)

@ AL13N

Note that Mageia 5 is officially no longer maintained, it only gets some security fixes because there were/are still problems with the Mga5->6 upgrade. Hopefully, that'll be fixed (Mageia 6.1 ISOs are planned, but ISO-testing hasn't begun yet)
CC: (none) => marja11
Assignee: bugsquad => alien
Where AL13N could help is Bug 22607. It needs an actual maintainer as there are persistent build issues with the package, and it's beyond what I can deal with.

Fortunately upstream hasn't continuously gratuitously broken the 10.0.x branch like they have the later ones.

Advisory to come later for this update.

mariadb-10.0.35-1.mga5
mysql-MariaDB-10.0.35-1.mga5
mariadb-cassandra-10.0.35-1.mga5
mariadb-feedback-10.0.35-1.mga5
mariadb-oqgraph-10.0.35-1.mga5
mariadb-connect-10.0.35-1.mga5
mariadb-sphinx-10.0.35-1.mga5
mariadb-mroonga-10.0.35-1.mga5
mariadb-sequence-10.0.35-1.mga5
mariadb-spider-10.0.35-1.mga5
mariadb-extra-10.0.35-1.mga5
mariadb-obsolete-10.0.35-1.mga5
mariadb-core-10.0.35-1.mga5
mariadb-common-core-10.0.35-1.mga5
mariadb-common-10.0.35-1.mga5
mariadb-client-10.0.35-1.mga5
mariadb-bench-10.0.35-1.mga5
libmariadb18-10.0.35-1.mga5
libmariadb-devel-10.0.35-1.mga5
libmariadb-embedded18-10.0.35-1.mga5
libmariadb-embedded-devel-10.0.35-1.mga5

from mariadb-10.0.35-1.mga5.src.rpm
Assignee: alien => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Deleted previous test databases, inserted new one, created table with 4 columns and inserted a row with values into the table.
All OK
Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene
Testing M5 x64

BEFORE update: all at version 10.0.34-1.mga5

AFTER update to:
- lib64mariadb-devel-10.0.35-1.mga5.x86_64
- lib64mariadb-embedded18-10.0.35-1.mga5.x86_64
- lib64mariadb18-10.0.35-1.mga5.x86_64
- mariadb-10.0.35-1.mga5.x86_64
- mariadb-client-10.0.35-1.mga5.x86_64
- mariadb-common-10.0.35-1.mga5.x86_64
- mariadb-common-core-10.0.35-1.mga5.x86_64
- mariadb-core-10.0.35-1.mga5.x86_64
- mariadb-extra-10.0.35-1.mga5.x86_64
- mariadb-feedback-10.0.35-1.mga5.x86_64

Using phpMyAdmin, I created a user with database, created 2 tables each with 4 different fields, inserted rows, edited rows, deleted rows, cleared & deleted tables, deleted database & the user. All went OK.

(In reply to David Walser from comment #2)
> Advisory to come later for this update.
Please!
Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MariaDB Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MariaDB Server (CVE-2018-2755).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Client programs). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2761).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2766).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Locking). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2771).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2781).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2782).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2784).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2787).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MariaDB Server accessible data (CVE-2018-2813).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2817).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2819).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
https://mariadb.com/kb/en/library/mariadb-10035-release-notes/
https://mariadb.org/mariadb-10-0-35-mariadb-galera-cluster-5-5-60-and-mariadb-connector-c-3-0-4-now-available/
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0259.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED