Bug 24624 - mariadb 10.1.38
Summary: mariadb 10.1.38
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-04-05 21:56 CEST by David Walser
Modified: 2019-04-11 00:08 CEST

See Also:
Source RPM: mariadb-10.1.37-1.mga6.src.rpm
CVE:
Status comment:


Description David Walser 2019-04-05 21:56:45 CEST
MariaDB 10.1.38 was released on February 6, fixing two security issues:
https://mariadb.com/kb/en/library/mariadb-10138-release-notes/

The security issues were listed in the January Oracle CPU:
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Comment 1 Marc Krämer 2019-04-05 23:29:31 CEST
Sorry, I've seen this release, but it didn't look very severe to me.

Comment 2 David Walser 2019-04-05 23:45:45 CEST
We should always keep mariadb up to date.  The release notes are often missing security info at first.

Comment 3 Marc Krämer 2019-04-05 23:46:48 CEST
OK, I'll take care of it. mariadb is just building.

Comment 4 David Walser 2019-04-07 01:18:56 CEST
Advisory:
========================

Updated mariadb packages fix security vulnerabilities:

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
Optimizer). Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MariaDB Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2019-2529).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:
DDL). Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MariaDB Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MariaDB Server
(CVE-2019-2537).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537
https://mariadb.com/kb/en/library/mariadb-10138-release-notes/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
========================

Updated packages in core/updates_testing:
========================
mariadb-10.1.38-1.mga6
mysql-MariaDB-10.1.38-1.mga6
mariadb-cassandra-10.1.38-1.mga6
mariadb-feedback-10.1.38-1.mga6
mariadb-connect-10.1.38-1.mga6
mariadb-sphinx-10.1.38-1.mga6
mariadb-mroonga-10.1.38-1.mga6
mariadb-sequence-10.1.38-1.mga6
mariadb-spider-10.1.38-1.mga6
mariadb-extra-10.1.38-1.mga6
mariadb-obsolete-10.1.38-1.mga6
mariadb-core-10.1.38-1.mga6
mariadb-common-core-10.1.38-1.mga6
mariadb-common-10.1.38-1.mga6
mariadb-client-10.1.38-1.mga6
mariadb-bench-10.1.38-1.mga6
libmariadb18-10.1.38-1.mga6
libmariadb-devel-10.1.38-1.mga6
libmariadb-embedded18-10.1.38-1.mga6
libmariadb-embedded-devel-10.1.38-1.mga6

from mariadb-10.1.38-1.mga6.src.rpm

Assignee: mageia => qa-bugs
Severity: normal => major
CC: (none) => mageia

Comment 5 Marc Krämer 2019-04-07 02:29:16 CEST
@David: thanks for the advisory, I was busy this afternoon.

Comment 6 Brian Rockwell 2019-04-08 02:56:17 CEST
$ uname -a
Linux linux.local 4.14.104-desktop-2.mga6 #1 SMP Wed Feb 27 17:08:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux


The following 36 packages are going to be installed:

- lib64aio-devel-0.3.110-4.mga6.x86_64
- lib64jemalloc2-4.5.0-4.mga6.x86_64
- lib64lz4-devel-1.7.5-1.mga6.x86_64
- lib64lzo-devel-2.09-4.mga6.x86_64
- lib64mariadb-devel-10.1.38-1.mga6.x86_64
- lib64mariadb-embedded-devel-10.1.38-1.mga6.x86_64
- lib64mariadb-embedded18-10.1.38-1.mga6.x86_64
- lib64mariadb18-10.1.38-1.mga6.x86_64
- lib64minilzo0-2.09-4.mga6.x86_64
- lib64openssl-devel-1.0.2r-1.mga6.x86_64
- lib64pcre-devel-8.41-1.mga6.x86_64
- lib64pcre16_0-8.41-1.mga6.x86_64
- lib64pcre32_0-8.41-1.mga6.x86_64
- lib64pcreposix1-8.41-1.mga6.x86_64
- lib64pq5-9.6.10-3.mga6.x86_64
- lib64thrift0-0.9.3-6.mga6.x86_64
- mariadb-10.1.38-1.mga6.x86_64
- mariadb-bench-10.1.38-1.mga6.x86_64
- mariadb-cassandra-10.1.38-1.mga6.x86_64
- mariadb-client-10.1.38-1.mga6.x86_64
- mariadb-common-10.1.38-1.mga6.x86_64
- mariadb-common-core-10.1.38-1.mga6.x86_64
- mariadb-connect-10.1.38-1.mga6.x86_64
- mariadb-core-10.1.38-1.mga6.x86_64
- mariadb-extra-10.1.38-1.mga6.x86_64
- mariadb-feedback-10.1.38-1.mga6.x86_64
- mariadb-mroonga-10.1.38-1.mga6.x86_64
- mariadb-obsolete-10.1.38-1.mga6.x86_64
- mariadb-sequence-10.1.38-1.mga6.x86_64
- mariadb-sphinx-10.1.38-1.mga6.x86_64
- mariadb-spider-10.1.38-1.mga6.x86_64
- mysql-MariaDB-10.1.38-1.mga6.x86_64
- perl-DBD-mysql-4.46.0-1.mga6.x86_64
- perl-DBI-1.636.0-2.mga6.x86_64
- perl-GD-2.560.0-4.mga6.x86_64
- sphinx-2.2.11-1.mga6.x86_64

Used the mysql interface. Created a database and a table. Inserted rows and deleted rows.

Working as designed.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => brtians1

Comment 7 PC LX 2019-04-09 12:50:03 CEST
Installed and tested without issues.

System: Mageia 6, x86_64, Intel CPU.

Tests included using:
- MySQL workbench;
- mysql CLI client with several large SQL scripts;
- Several PHP scripts that use PDO/MySQL;
- Several Qt5 C++ applications that use Qt5 MySQL plugin;

$ uname -a
Linux marte 4.14.106-desktop-1.mga6 #1 SMP Thu Mar 14 18:01:29 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep mariadb | sort
lib64mariadb18-10.1.38-1.mga6
lib64mariadb-embedded18-10.1.38-1.mga6
mariadb-10.1.38-1.mga6
mariadb-bench-10.1.38-1.mga6
mariadb-client-10.1.38-1.mga6
mariadb-common-10.1.38-1.mga6
mariadb-common-core-10.1.38-1.mga6
mariadb-core-10.1.38-1.mga6
mariadb-extra-10.1.38-1.mga6
mariadb-feedback-10.1.38-1.mga6
$ rpm -qa | grep mysql | sort
lib64mysqlcppconn7-1.1.8-1.mga6
lib64qt5-database-plugin-mysql-5.9.4-1.2.mga6
mysql-workbench-6.3.9-1.mga6
perl-DBD-mysql-4.46.0-1.mga6
php-mysqli-7.2.14-1.mga6
php-mysqlnd-7.2.14-1.mga6
php-pdo_mysql-7.2.14-1.mga6
php-pear-MDB2_Driver_mysql-1.5.0-0.0.b10.mga6
php-pear-MDB2_Driver_mysqli-1.5.0-0.0.b9.mga6

CC: (none) => mageia

Comment 8 Dave Hodgins 2019-04-10 23:24:20 CEST
Advisory committed to svn. Validating based on comment 7.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 9 Mageia Robot 2019-04-11 00:08:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0147.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

