Bug 23867 - mariadb 10.1.37
Summary: mariadb 10.1.37
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-11-20 23:47 CET by David Walser
Modified: 2019-05-05 16:50 CEST

See Also:
Source RPM: mariadb-10.1.35-1.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2018-11-20 23:47:11 CET
MariaDB 10.1.37 was released on November 2 (10.1.36 on September 8):
https://mariadb.com/kb/en/library/mariadb-10136-release-notes/
https://mariadb.com/kb/en/library/mariadb-10137-release-notes/

It fixes some security issues from the latest Oracle CPU:
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Comment 1 Marja Van Waes 2018-11-22 09:24:03 CET
Assigning to mokraemer, because he is the de facto maintainer.

@ Marc

Feel free to re-assign if you don't agree!

CC'ing the registered maintainer.

Assignee: bugsquad => mageia
CC: (none) => alien, marja11

Comment 2 Marc Krämer 2018-11-22 23:04:32 CET
Suggested advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Some easily exploitable vulnerabilities that allow a high-privileged attacker with network access via multiple protocols to compromise MySQL Server have been fixed.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251
========================

Updated packages in core/updates_testing:
========================
mariadb-10.1.37-1.mga6
mysql-MariaDB-10.1.37-1.mga6
mariadb-cassandra-10.1.37-1.mga6
mariadb-feedback-10.1.37-1.mga6
mariadb-connect-10.1.37-1.mga6
mariadb-sphinx-10.1.37-1.mga6
mariadb-mroonga-10.1.37-1.mga6
mariadb-sequence-10.1.37-1.mga6
mariadb-spider-10.1.37-1.mga6
mariadb-extra-10.1.37-1.mga6
mariadb-obsolete-10.1.37-1.mga6
mariadb-core-10.1.37-1.mga6
mariadb-common-core-10.1.37-1.mga6
mariadb-common-10.1.37-1.mga6
mariadb-client-10.1.37-1.mga6
mariadb-bench-10.1.37-1.mga6
lib64mariadb18-10.1.37-1.mga6
lib64mariadb-devel-10.1.37-1.mga6
lib64mariadb-embedded18-10.1.37-1.mga6
lib64mariadb-embedded-devel-10.1.37-1.mga6
mariadb-debuginfo-10.1.37-1.mga6

Source RPMs: 
========================
mariadb-10.1.37-1.mga6.src.rpm

Assignee: mageia => qa-bugs

Comment 3 PC LX 2018-11-24 16:54:57 CET
Installed and tested without issues.

Tests included:
- MySQL Workbench;
- /usr/bin/mysql_client_test (all OK);
- Several PHP scripts that use PDO API with databases in MariaDB;
- Qt5/C++ applications using the MySQL plugin (lib64qt5-database-plugin-mysql-5.9.4-1.1.mga6);
- Several SQL heavy scripts;
- mysqldump;
- mysql CLI.

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.78-desktop-1.mga6 #1 SMP Sun Oct 21 20:31:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep mariadb | sort
lib64mariadb18-10.1.37-1.mga6
lib64mariadb-embedded18-10.1.37-1.mga6
mariadb-10.1.37-1.mga6
mariadb-bench-10.1.37-1.mga6
mariadb-client-10.1.37-1.mga6
mariadb-common-10.1.37-1.mga6
mariadb-common-core-10.1.37-1.mga6
mariadb-core-10.1.37-1.mga6
mariadb-extra-10.1.37-1.mga6
mariadb-feedback-10.1.37-1.mga6
$ mysql_upgrade -p --skip-write-binlog
Enter password: 
Phase 1/7: Checking and upgrading mysql database
Processing databases
<SNIP ALL OK>
Phase 2/7: Installing used storage engines... Skipped
Phase 3/7: Fixing views
Phase 4/7: Running 'mysql_fix_privilege_tables'
Phase 5/7: Fixing table and database names
Phase 6/7: Checking and upgrading tables
Processing databases
<SNIP ALL OK>
Phase 7/7: Running 'FLUSH PRIVILEGES'
OK

CC: (none) => mageia
Whiteboard: (none) => MGA6-64-OK
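
Added example, not part of the original bug report: a shell check for the `rpm -qa` step in comment 3 that flags any installed MariaDB package not at the version-release under test, so a partial update or a test against the wrong build is caught before the whiteboard is marked OK. The function name `check_mariadb_nvr`, the bare `lib` prefix for 32-bit library packages and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): verify that every installed MariaDB
# package carries the version-release of the update under test.

# check_mariadb_nvr EXPECTED_VR
# Reads `rpm -qa` style name-version-release lines on stdin. Prints one
# MISMATCH line per MariaDB package whose version-release differs.
# Returns 0 if all match, 1 on any mismatch, 2 if no MariaDB package is seen.
check_mariadb_nvr() {
    awk -v want="$1" '
        # Package name prefixes as listed in comment 2; the bare "lib"
        # prefix for 32-bit library packages is an assumption.
        /^(lib(64)?)?mariadb|^mysql-MariaDB/ {
            n = split($0, f, "-")
            if (n < 3) next              # not a name-version-release string
            vr = f[n-1] "-" f[n]         # last two fields: version, release
            # Names contain hyphens themselves, so cut from the right.
            name = substr($0, 1, length($0) - length(vr) - 1)
            seen++
            if (vr != want) {
                printf "MISMATCH %s has %s, expected %s\n", name, vr, want
                bad++
            }
        }
        END {
            if (seen == 0) exit 2
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample: three lines as in comment 3, one unrelated package, and
# one package left at the pre-update version to show a partial update.
sample_partial() {
    cat <<'EOF'
lib64mariadb18-10.1.37-1.mga6
mariadb-10.1.37-1.mga6
mariadb-common-core-10.1.37-1.mga6
lib64qt5-database-plugin-mysql-5.9.4-1.1.mga6
mariadb-client-10.1.35-1.mga6
EOF
}

# On a real system: rpm -qa | check_mariadb_nvr 10.1.37-1.mga6
sample_partial | check_mariadb_nvr 10.1.37-1.mga6 || echo "exit status: $?"
```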

Comment 4 Lewis Smith 2018-11-27 10:14:42 CET
Great test, PC_LX. Advisory ex comment 2, validating.

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 Herman Viaene 2018-11-27 10:21:59 CET
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
# systemctl -l status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
# systemctl start mysqld
# systemctl -l status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: enabled)
   Active: active (running) since di 2018-11-27 10:04:02 CET; 4s ago
  Process: 17466 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS)
 Main PID: 17481 (mysqld)
   Status: "Taking your SQL requests now..."
   CGroup: /system.slice/mysqld.service
           └─17481 /usr/sbin/mysqld
Used phpmyadmin to delete a previous test database, create a new table in another existing test database
All OK.

CC: (none) => herman.viaene
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK

Comment 6 Mageia Robot 2018-11-27 16:27:13 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0469.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 7 Herman Viaene 2019-05-05 14:40:37 CEST
MGA6-64 Plasma on Lenovo B50
No installation issues
At CLI:
# systemctl -l status mysqld
● mysqld.service - MySQL database server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: enabled)
   Active: active (running) since zo 2019-05-05 14:29:27 CEST; 6min ago
 Main PID: 5024 (mysqld)
   Status: "Taking your SQL requests now..."
   CGroup: /system.slice/mysqld.service
           └─5024 /usr/sbin/mysqld

mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] InnoDB: Waiting for purge to start
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] InnoDB:  Percona XtraDB (http://www.percona.com) 5.6.43-84.3 started; log se
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072087189248 [Note] InnoDB: Dumping buffer pool(s) not yet started
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/mach5.hviaene.thuis@' 
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [ERROR] Plugin 'gssapi' init function returned error.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 190505 14:29:27 server_audit: MariaDB Audit Plugin version 1.4.4 STARTED.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: 2019-05-05 14:29:27 140072759416896 [Note] /usr/sbin/mysqld: ready for connections.
mei 05 14:29:27 mach5.hviaene.thuis mysqld[5024]: Version: '10.1.39-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 0  Mageia MariaDB Server
mei 05 14:29:27 mach5.hviaene.thuis systemd[1]: Started MySQL database server.

I wanted to test as usual with phpmyadmin, but on installing that one I get:
"php-mcrypt is obsoleted by (geïnstalleerd) lib64php_common7-3:7.2.11-3.mga6.x86_64"

Having to look up another way of testing. AFAICS this is nowhere the fault of mariadb, but it's annoying.
Comment 8 Herman Viaene 2019-05-05 14:45:28 CEST
Installing mysql-workbench has the same problem.
Comment 9 David Walser 2019-05-05 16:50:09 CEST
You're commenting on the wrong bug, and you need to uninstall php7 from backports.
