Bug 23058 - mariadb several new security issues
Summary: mariadb several new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK MGA5-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-05-19 02:14 CEST by David Walser
Modified: 2018-05-29 21:42 CEST (History)
4 users (show)

See Also:
Source RPM: mariadb-10.0.34-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Comment 1 Marja Van Waes 2018-05-19 08:48:11 CEST
Assigning to the registered maintainer, because IINM he wants to be active again (I think I've seen him ask for a password reset)

@ AL13N

Note that Mageia 5 is officially no longer maintained, it only gets some security fixes because there were/are still problems with the Mga5->6 upgrade. Hopefully, that'll be fixed (Mageia 6.1 ISOs are planned, but ISO-testing hasn't begun yet)

CC: (none) => marja11
Assignee: bugsquad => alien

Comment 2 David Walser 2018-05-19 19:22:28 CEST
Where AL13N could help is Bug 22607.  It needs an actual maintainer as there are persistent build issues with the package, and it's beyond what I can deal with.

Fortunately upstream hasn't continuously gratuitously broken the 10.0.x branch like they have the later ones.

Advisory to come later for this update.

mariadb-10.0.35-1.mga5
mysql-MariaDB-10.0.35-1.mga5
mariadb-cassandra-10.0.35-1.mga5
mariadb-feedback-10.0.35-1.mga5
mariadb-oqgraph-10.0.35-1.mga5
mariadb-connect-10.0.35-1.mga5
mariadb-sphinx-10.0.35-1.mga5
mariadb-mroonga-10.0.35-1.mga5
mariadb-sequence-10.0.35-1.mga5
mariadb-spider-10.0.35-1.mga5
mariadb-extra-10.0.35-1.mga5
mariadb-obsolete-10.0.35-1.mga5
mariadb-core-10.0.35-1.mga5
mariadb-common-core-10.0.35-1.mga5
mariadb-common-10.0.35-1.mga5
mariadb-client-10.0.35-1.mga5
mariadb-bench-10.0.35-1.mga5
libmariadb18-10.0.35-1.mga5
libmariadb-devel-10.0.35-1.mga5
libmariadb-embedded18-10.0.35-1.mga5
libmariadb-embedded-devel-10.0.35-1.mga5

from mariadb-10.0.35-1.mga5.src.rpm

Assignee: alien => qa-bugs

Comment 3 Herman Viaene 2018-05-21 13:52:33 CEST
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Deleted previous test databases, inserted new one, created table with 4 columns and inserted a row with values into the table.
All OK

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Comment 4 Lewis Smith 2018-05-23 20:36:14 CEST
Testing M5 x64

BEFORE update: all at version 10.0.34-1.mga5
AFTER update to:
- lib64mariadb-devel-10.0.35-1.mga5.x86_64
- lib64mariadb-embedded18-10.0.35-1.mga5.x86_64
- lib64mariadb18-10.0.35-1.mga5.x86_64
- mariadb-10.0.35-1.mga5.x86_64
- mariadb-client-10.0.35-1.mga5.x86_64
- mariadb-common-10.0.35-1.mga5.x86_64
- mariadb-common-core-10.0.35-1.mga5.x86_64
- mariadb-core-10.0.35-1.mga5.x86_64
- mariadb-extra-10.0.35-1.mga5.x86_64
- mariadb-feedback-10.0.35-1.mga5.x86_64

Using phpMyAdmin, I created a user with database, created 2 tables each with 4 different fields, inserted rows, edited rows, deleted rows, cleared & deleted tables, deleted database & the user. All went OK.

(In reply to David Walser from comment #2)
> Advisory to come later for this update.
Please!

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 5 David Walser 2018-05-23 23:36:46 CEST
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Replication). Difficult to exploit vulnerability allows
unauthenticated attacker with logon to the infrastructure where MariaDB Server
executes to compromise MariaDB Server. Successful attacks require human
interaction from a person other than the attacker and while the vulnerability
is in MariaDB Server, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in takeover of MariaDB
Server (CVE-2018-2755).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Client
programs). Difficult to exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2761).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2766).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Locking). Difficult to exploit vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MariaDB Server (CVE-2018-2771).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Optimizer). Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MariaDB Server (CVE-2018-2781).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2782).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2784).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server as well
as unauthorized update, insert or delete access to some of MariaDB Server
accessible data (CVE-2018-2787).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: DDL). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized read
access to a subset of MariaDB Server accessible data (CVE-2018-2813).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: DDL). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2817).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2018-2819).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
https://mariadb.com/kb/en/library/mariadb-10035-release-notes/
https://mariadb.org/mariadb-10-0-35-mariadb-galera-cluster-5-5-60-and-mariadb-connector-c-3-0-4-now-available/
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
Thomas Backlund 2018-05-29 20:51:04 CEST

Keywords: (none) => advisory
CC: (none) => tmb

Comment 6 Mageia Robot 2018-05-29 21:42:31 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0259.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.