Bug 23407 - mariadb 10.0.36
Summary: mariadb 10.0.36
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-08 00:58 CEST by David Walser
Modified: 2018-08-10 17:08 CEST

See Also:
Source RPM: mariadb-10.0.35-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2018-08-08 00:58:00 CEST
MariaDB 10.0.36 has been released on August 1:
https://mariadb.org/mariadb-10-0-36-now-available/
https://mariadb.com/kb/en/library/mariadb-10036-release-notes/

It fixes 4 security issues.

Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL

Update submitted to the build system.  Saving the advisory below.

Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
MyISAM). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized update, insert or
delete access to some of MariaDB Server accessible data (CVE-2018-3058).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Security: Privileges). Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MariaDB Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash (complete
DOS) of MariaDB Server (CVE-2018-3063).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
InnoDB). Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server as well
as unauthorized update, insert or delete access to some of MariaDB Server
accessible data (CVE-2018-3064).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: Options). Difficult to exploit vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MariaDB
Server. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MariaDB Server accessible data as
well as unauthorized read access to a subset of MariaDB Server accessible data
(CVE-2018-3066).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
https://mariadb.com/kb/en/library/mariadb-10036-release-notes/
https://mariadb.org/mariadb-10-0-36-now-available/
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL
========================

Updated packages in core/updates_testing:
========================
mariadb-10.0.36-1.mga5
mysql-MariaDB-10.0.36-1.mga5
mariadb-cassandra-10.0.36-1.mga5
mariadb-feedback-10.0.36-1.mga5
mariadb-oqgraph-10.0.36-1.mga5
mariadb-connect-10.0.36-1.mga5
mariadb-sphinx-10.0.36-1.mga5
mariadb-mroonga-10.0.36-1.mga5
mariadb-sequence-10.0.36-1.mga5
mariadb-spider-10.0.36-1.mga5
mariadb-extra-10.0.36-1.mga5
mariadb-obsolete-10.0.36-1.mga5
mariadb-core-10.0.36-1.mga5
mariadb-common-core-10.0.36-1.mga5
mariadb-common-10.0.36-1.mga5
mariadb-client-10.0.36-1.mga5
mariadb-bench-10.0.36-1.mga5
libmariadb18-10.0.36-1.mga5
libmariadb-devel-10.0.36-1.mga5
libmariadb-embedded18-10.0.36-1.mga5
libmariadb-embedded-devel-10.0.36-1.mga5

from mariadb-10.0.36-1.mga5.src.rpm

Comment 1 David Walser 2018-08-08 05:01:05 CEST
It built.  Advisory and package list in Comment 0.

Assignee: luigiwalser => qa-bugs

Thomas Backlund 2018-08-10 12:31:20 CEST

CC: (none) => tmb
Version: Cauldron => 5

Comment 2 Herman Viaene 2018-08-10 17:08:22 CEST
MGA5-32 Xfce on Dell Latitude D600
No installation issues
This is overwriting an existing older version.
Ran phpmyadmin, deleted two previous test databases, created a new one, created a test table with a primary key, another unique key and a timestamp field. All OK.
Good to go for me.

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

