MariaDB 10.1.34 was released on June 18: https://mariadb.org/mariadb-10-1-34-and-latest-mariadb-connectors-now-available/ https://mariadb.com/kb/en/library/mariadb-10134-release-notes/ No security fixes are listed as of now, but may be later.
Assigning to the registered maintainer. CC'ing two recent committers.
CC: (none) => marja11, mrambo, tmbAssignee: bugsquad => alien
Summary: mariadb 10.1.34 => mariadb 10.1.35CC: (none) => mageia
Assignee: alien => mageia
Thanks for picking this up. I see you changed the version number... MariaDB 10.1.35 was released today (August 7): https://mariadb.org/mariadb-10-1-35-and-mariadb-galera-cluster-10-0-36-now-available/ https://mariadb.com/kb/en/library/mariadb-10135-release-notes/ It fixes 4 security issues.
QA Contact: (none) => securityComponent: RPM Packages => Security
Corresponding Oracle CPU: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
I see the update's already building. Advisory below. Advisory: ======================== Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: MyISAM). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-3058). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Security: Privileges). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-3063). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-3064). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Options). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data (CVE-2018-3066). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 https://mariadb.com/kb/en/library/mariadb-10134-release-notes/ https://mariadb.com/kb/en/library/mariadb-10135-release-notes/ https://mariadb.org/mariadb-10-1-34-and-latest-mariadb-connectors-now-available/ https://mariadb.org/mariadb-10-1-35-and-mariadb-galera-cluster-10-0-36-now-available/ http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL ======================== Updated packages in core/updates_testing: ======================== mariadb-10.1.35-1.mga6 mysql-MariaDB-10.1.35-1.mga6 mariadb-cassandra-10.1.35-1.mga6 mariadb-feedback-10.1.35-1.mga6 mariadb-connect-10.1.35-1.mga6 mariadb-sphinx-10.1.35-1.mga6 mariadb-mroonga-10.1.35-1.mga6 mariadb-sequence-10.1.35-1.mga6 mariadb-spider-10.1.35-1.mga6 mariadb-extra-10.1.35-1.mga6 mariadb-obsolete-10.1.35-1.mga6 mariadb-core-10.1.35-1.mga6 mariadb-common-core-10.1.35-1.mga6 mariadb-common-10.1.35-1.mga6 mariadb-client-10.1.35-1.mga6 mariadb-bench-10.1.35-1.mga6 libmariadb18-10.1.35-1.mga6 libmariadb-devel-10.1.35-1.mga6 libmariadb-embedded18-10.1.35-1.mga6 libmariadb-embedded-devel-10.1.35-1.mga6 from mariadb-10.1.35-1.mga6.src.rpm
Completed: Failed 1/4754 tests, 99.98% were successful. Failing test(s): disks.disks http://pkgsubmit.mageia.org/uploads/failure/6/core/updates_testing/20180807171622.mokraemer.duvel.29558/log/mariadb-10.1.35-1.mga6/build.0.20180807171728.log
thx. It was the same in cauldron on the last release. This is just an information scheme test. We skip this test ;) Rebuild is running, but with the tests, it takes ages. I think the last release was faster in building....
Assignee: mageia => qa-bugs
Installed and tested without issues. Tests included: - Using several web sites (e.g. PHP scripts) that use MySQL databases. - Using the CLI client to run several complex SQL scripts. - Using custom Qt/C++ applications that use MySQL. - Using the CLI client manually. - Local (unix socket) and remote (IPv4 socket) connections. - Using MySQL workbench GUI. - Database dump/restore. System: Mageia 6, x86_64, Intel CPU. $ uname -a Linux marte 4.14.56-desktop-1.mga6 #1 SMP Mon Jul 16 19:36:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep -i mariadb | sort lib64mariadb18-10.1.35-1.mga6 lib64mariadb-embedded18-10.1.35-1.mga6 mariadb-10.1.35-1.mga6 mariadb-bench-10.1.35-1.mga6 mariadb-client-10.1.35-1.mga6 mariadb-common-10.1.35-1.mga6 mariadb-common-core-10.1.35-1.mga6 mariadb-core-10.1.35-1.mga6 mariadb-extra-10.1.35-1.mga6 mariadb-feedback-10.1.35-1.mga6
Whiteboard: (none) => MGA6-64-OKCC: (none) => mageia
MGA6-32 MATE on IBM Thinkpad R50e No installation issues This is overwriting an existing older version. Ran phpmyadmin, deleted a previous test database, created a now one, created a test table with a primary key, another unique key and a timestamp field.All OK. Good to go for me.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OKCC: (none) => herman.viaene
advisory added, validating
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0335.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED