https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2758
Whiteboard: (none) => MGA6TOO
Summary: new security issues in MariaDB => MariaDB new security issues
MGA6: Suggested advisory: ======================== Updated mariadb packages fix security vulnerabilities: Some easily exploitable security issues were discovered and fixed in the latest release from this branch. This release contains some bugfixes for - FULLTEXT INDEX - Encrypted temporary tables - Indexed virtual columns - Recovery & Mariabackup References: https://mariadb.com/kb/en/library/mariadb-10317-release-notes/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2758 Updated packages in core/updates_testing: ======================== mariadb-10.1.41-1.mga6 mysql-MariaDB-10.1.41-1.mga6 mariadb-cassandra-10.1.41-1.mga6 mariadb-feedback-10.1.41-1.mga6 mariadb-connect-10.1.41-1.mga6 mariadb-sphinx-10.1.41-1.mga6 mariadb-mroonga-10.1.41-1.mga6 mariadb-sequence-10.1.41-1.mga6 mariadb-spider-10.1.41-1.mga6 mariadb-extra-10.1.41-1.mga6 mariadb-obsolete-10.1.41-1.mga6 mariadb-core-10.1.41-1.mga6 mariadb-common-core-10.1.41-1.mga6 mariadb-common-10.1.41-1.mga6 mariadb-client-10.1.41-1.mga6 mariadb-bench-10.1.41-1.mga6 libmariadb18-10.1.41-1.mga6 libmariadb-devel-10.1.41-1.mga6 libmariadb-embedded18-10.1.41-1.mga6 libmariadb-embedded-devel-10.1.41-1.mga6 mariadb-debuginfo-10.1.41-1.mga6 Source RPMs: mariadb-10.1.41-1.mga6.src.rpm MGA7: Suggested advisory: ======================== Updated mariadb packages fix security vulnerabilities: Some easily exploitable security issues were discovered and fixed in the latest release from this branch. This release contains some bugfixes for - FULLTEXT INDEX - Encrypted temporary tables - Indexed virtual columns - Recovery & Mariabackup References: https://mariadb.com/kb/en/library/mariadb-10317-release-notes/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2758 Updated packages in core/updates_testing: ======================== mariadb-10.3.17-1.mga7 mysql-MariaDB-10.3.17-1.mga7 mariadb-feedback-10.3.17-1.mga7 mariadb-connect-10.3.17-1.mga7 mariadb-sphinx-10.3.17-1.mga7 mariadb-mroonga-10.3.17-1.mga7 mariadb-sequence-10.3.17-1.mga7 mariadb-spider-10.3.17-1.mga7 mariadb-extra-10.3.17-1.mga7 mariadb-obsolete-10.3.17-1.mga7 mariadb-core-10.3.17-1.mga7 mariadb-common-core-10.3.17-1.mga7 mariadb-common-10.3.17-1.mga7 mariadb-client-10.3.17-1.mga7 mariadb-bench-10.3.17-1.mga7 libmariadb3-10.3.17-1.mga7 libmariadb-devel-10.3.17-1.mga7 libmariadbd19-10.3.17-1.mga7 libmariadb-embedded-devel-10.3.17-1.mga7 mariadb-debugsource-10.3.17-1.mga7 mariadb-debuginfo-10.3.17-1.mga7 mariadb-feedback-debuginfo-10.3.17-1.mga7 mariadb-connect-debuginfo-10.3.17-1.mga7 mariadb-sphinx-debuginfo-10.3.17-1.mga7 mariadb-mroonga-debuginfo-10.3.17-1.mga7 mariadb-sequence-debuginfo-10.3.17-1.mga7 mariadb-spider-debuginfo-10.3.17-1.mga7 mariadb-extra-debuginfo-10.3.17-1.mga7 mariadb-obsolete-debuginfo-10.3.17-1.mga7 mariadb-core-debuginfo-10.3.17-1.mga7 mariadb-common-debuginfo-10.3.17-1.mga7 mariadb-client-debuginfo-10.3.17-1.mga7 mariadb-bench-debuginfo-10.3.17-1.mga7 libmariadb3-debuginfo-10.3.17-1.mga7 libmariadbd19-debuginfo-10.3.17-1.mga7 libmariadb-embedded-devel-debuginfo-10.3.17-1.mga7 Source RPMs: mariadb-10.3.17-1.mga7.src.rpm
Assignee: mageia => qa-bugs
Installed and tested without issues. Tested using: - php scripts using PDO/mysql; - myphpadmin; - Qt5 applications using the mysql plugin. - MySQL Workbench; - mysql CLI; System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.1.18-desktop-1.mga7 #1 SMP Sun Jul 14 10:08:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ $ $ rpm -qa | grep -iE 'mariadb|mysql' | sort lib64mariadb3-10.3.17-1.mga7 lib64mysqlcppconn7-1.1.9-2.1.mga7 lib64qt5-database-plugin-mysql-5.12.2-2.mga7 mariadb-10.3.17-1.mga7 mariadb-client-10.3.17-1.mga7 mariadb-common-10.3.17-1.mga7 mariadb-common-core-10.3.17-1.mga7 mariadb-core-10.3.17-1.mga7 mariadb-extra-10.3.17-1.mga7 mysql-workbench-6.3.10-6.mga7 perl-DBD-mysql-4.50.0-1.mga7 php-mysqli-7.3.8-1.mga7 php-mysqlnd-7.3.8-1.mga7 php-pdo_mysql-7.3.8-1.mga7 $ $ $ systemctl status mysqld ● mysqld.service - MySQL database server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2019-08-02 14:45:59 WEST; 2s ago Process: 14468 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS) Main PID: 14483 (mysqld) Status: "Taking your SQL requests now..." Memory: 54.1M CGroup: /system.slice/mysqld.service └─14483 /usr/sbin/mysqld ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB. ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] InnoDB: 10.3.17 started; log sequence number 292399285; transaction id 893247 ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool ago 02 14:45:59 marte mysqld[14483]: 190802 14:45:59 server_audit: MariaDB Audit Plugin version 1.4.8 STARTED. ago 02 14:45:59 marte mysqld[14483]: 190802 14:45:59 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2019-08-02 14:45:59 0 [Note] Reading of all Master_info entries s> ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] Added new Master_info '' to hash table ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] /usr/sbin/mysqld: ready for connections. ago 02 14:45:59 marte mysqld[14483]: Version: '10.3.17-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 0 Mageia MariaDB Server ago 02 14:45:59 marte systemd[1]: Started MySQL database server. ago 02 14:45:59 marte mysqld[14483]: 2019-08-02 14:45:59 0 [Note] InnoDB: Buffer pool(s) load completed at 190802 14:45:59
CC: (none) => mageia
Have been using this update without issues for several days now. I'm putting and OK for x86_64 on this. Feel free to remove it if you think an OK is premature.
Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OK
Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO MGA7-64-OK
We need an MGA6 OK before this ca be validated.
CC: (none) => andrewsfarm
QA Contact: (none) => securityKeywords: (none) => advisoryComponent: RPM Packages => SecurityCC: (none) => tmb
Summary: MariaDB new security issues => mariadb new security issues (fixed in 10.1.41 and 10.3.17)
MGA6 - 64bit - Xfce - Mariadb 10.1.41 $ uname -a Linux localhost 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 11:51:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux - glibc-devel-2.22-29.mga6.x86_64 - kernel-userspace-headers-4.14.137-1.mga6.x86_64 - lib64aio-devel-0.3.110-4.mga6.x86_64 - lib64aio1-0.3.110-4.mga6.x86_64 - lib64bzip2-devel-1.0.6-10.mga6.x86_64 - lib64jemalloc2-4.5.0-4.mga6.x86_64 - lib64lz4-devel-1.7.5-1.mga6.x86_64 - lib64lz4_1-1.7.5-1.mga6.x86_64 - lib64lzma-devel-5.2.3-1.mga6.x86_64 - lib64lzo-devel-2.09-4.mga6.x86_64 - lib64mariadb-devel-10.1.41-1.mga6.x86_64 - lib64mariadb-embedded-devel-10.1.41-1.mga6.x86_64 - lib64mariadb-embedded18-10.1.41-1.mga6.x86_64 - lib64mariadb18-10.1.41-1.mga6.x86_64 - lib64minilzo0-2.09-4.mga6.x86_64 - lib64openssl-devel-1.0.2r-1.mga6.x86_64 - lib64pcre-devel-8.41-1.mga6.x86_64 - lib64pcre32_0-8.41-1.mga6.x86_64 - lib64pcreposix1-8.41-1.mga6.x86_64 - lib64pq5-9.6.15-1.mga6.x86_64 - lib64zlib-devel-1.2.11-4.1.mga6.x86_64 - libstdc++-devel-5.5.0-2.mga6.x86_64 - libstdc++6-5.5.0-2.mga6.x86_64 - mariadb-10.1.41-1.mga6.x86_64 - mariadb-client-10.1.41-1.mga6.x86_64 - mariadb-common-10.1.41-1.mga6.x86_64 - mariadb-common-core-10.1.41-1.mga6.x86_64 - mariadb-core-10.1.41-1.mga6.x86_64 - mariadb-extra-10.1.41-1.mga6.x86_64 - mariadb-feedback-10.1.41-1.mga6.x86_64 - mariadb-mroonga-10.1.41-1.mga6.x86_64 - mariadb-obsolete-10.1.41-1.mga6.x86_64 - mariadb-sequence-10.1.41-1.mga6.x86_64 - mariadb-sphinx-10.1.41-1.mga6.x86_64 - mariadb-spider-10.1.41-1.mga6.x86_64 - perl-DBI-1.636.0-2.mga6.x86_64 - sphinx-2.2.11-1.mga6.x86_64 Installed nextcloud to use mariadb. Working as designed.
CC: (none) => brtians1
MGA6 32bit - Mate $ uname -a Linux localhost 4.14.137-desktop-1.mga6 #1 SMP Wed Aug 7 15:08:19 UTC 2019 i686 i686 i686 GNU/Linux - libaio1-0.3.110-4.mga6.i586 - libjemalloc2-4.5.0-4.mga6.i586 - liblz4_1-1.7.5-1.mga6.i586 - libmariadb18-10.1.41-1.mga6.i586 - libpcreposix1-8.41-1.mga6.i586 - mariadb-10.1.41-1.mga6.i586 - mariadb-client-10.1.41-1.mga6.i586 - mariadb-common-10.1.41-1.mga6.i586 - mariadb-common-core-10.1.41-1.mga6.i586 - mariadb-core-10.1.41-1.mga6.i586 - mariadb-extra-10.1.41-1.mga6.i586 - perl-DBI-1.636.0-2.mga6.i586 Repeated nextcloud test - it worked.
Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOO MGA7-64-OK MGA6-64-OK MGA6-32-OK
Thank you, Brian. Validating to send it on its way...
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0224.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED