MariaDB 10.0.36 has been released on August 1: https://mariadb.org/mariadb-10-0-36-now-available/ https://mariadb.com/kb/en/library/mariadb-10036-release-notes/ It fixes 4 security issues. Corresponding Oracle CPU: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL Update submitted to the build system. Saving the advisory below. Advisory: ======================== Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: MyISAM). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-3058). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Security: Privileges). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-3063). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-3064). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Options). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data (CVE-2018-3066). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066 https://mariadb.com/kb/en/library/mariadb-10036-release-notes/ https://mariadb.org/mariadb-10-0-36-now-available/ http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL ======================== Updated packages in core/updates_testing: ======================== mariadb-10.0.36-1.mga5 mysql-MariaDB-10.0.36-1.mga5 mariadb-cassandra-10.0.36-1.mga5 mariadb-feedback-10.0.36-1.mga5 mariadb-oqgraph-10.0.36-1.mga5 mariadb-connect-10.0.36-1.mga5 mariadb-sphinx-10.0.36-1.mga5 mariadb-mroonga-10.0.36-1.mga5 mariadb-sequence-10.0.36-1.mga5 mariadb-spider-10.0.36-1.mga5 mariadb-extra-10.0.36-1.mga5 mariadb-obsolete-10.0.36-1.mga5 mariadb-core-10.0.36-1.mga5 mariadb-common-core-10.0.36-1.mga5 mariadb-common-10.0.36-1.mga5 mariadb-client-10.0.36-1.mga5 mariadb-bench-10.0.36-1.mga5 libmariadb18-10.0.36-1.mga5 libmariadb-devel-10.0.36-1.mga5 libmariadb-embedded18-10.0.36-1.mga5 libmariadb-embedded-devel-10.0.36-1.mga5 from mariadb-10.0.36-1.mga5.src.rpm
It built. Advisory and package list in Comment 0.
Assignee: luigiwalser => qa-bugs
Version: Cauldron => 5CC: (none) => tmb
MGA5-32 Xfce on Dell Latitude D600 No installation issues This is overwriting an existing older version. Ran phpmyadmin, deleted two previous test databases, created a now one, created a test table with a primary key, another unique key and a timestamp field.All OK. Good to go for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
On real hardware, Athlon X2 7750, 8GB RAM, nvidia340 graphics, atheros wifi, 64-bit KDE4. Packages updated cleanly. On the basis of this and Herman's test, giving this a 64-bit OK and validating.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0359.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED