CVE-2019-2974 CVE-2019-2938
Suggested advisory: ======================== Updated mariadb packages fix security vulnerabilities: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer) [1]. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB) [2]. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2974 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2938 ======================== Updated packages in core/updates_testing: ======================== mariadb-10.3.20-1.mga7 mysql-MariaDB-10.3.20-1.mga7 mariadb-feedback-10.3.20-1.mga7 mariadb-connect-10.3.20-1.mga7 mariadb-sphinx-10.3.20-1.mga7 mariadb-mroonga-10.3.20-1.mga7 mariadb-sequence-10.3.20-1.mga7 mariadb-spider-10.3.20-1.mga7 mariadb-rocks-10.3.20-1.mga7 mariadb-extra-10.3.20-1.mga7 mariadb-obsolete-10.3.20-1.mga7 mariadb-core-10.3.20-1.mga7 mariadb-common-core-10.3.20-1.mga7 mariadb-common-10.3.20-1.mga7 mariadb-client-10.3.20-1.mga7 mariadb-bench-10.3.20-1.mga7 lib64mariadb3-10.3.20-1.mga7 lib64mariadb-devel-10.3.20-1.mga7 lib64mariadbd19-10.3.20-1.mga7 lib64mariadb-embedded-devel-10.3.20-1.mga7 mariadb-debugsource-10.3.20-1.mga7 mariadb-debuginfo-10.3.20-1.mga7 mariadb-feedback-debuginfo-10.3.20-1.mga7 mariadb-connect-debuginfo-10.3.20-1.mga7 mariadb-sphinx-debuginfo-10.3.20-1.mga7 mariadb-mroonga-debuginfo-10.3.20-1.mga7 mariadb-sequence-debuginfo-10.3.20-1.mga7 mariadb-spider-debuginfo-10.3.20-1.mga7 mariadb-rocks-debuginfo-10.3.20-1.mga7 mariadb-extra-debuginfo-10.3.20-1.mga7 mariadb-obsolete-debuginfo-10.3.20-1.mga7 mariadb-core-debuginfo-10.3.20-1.mga7 mariadb-common-debuginfo-10.3.20-1.mga7 mariadb-client-debuginfo-10.3.20-1.mga7 mariadb-bench-debuginfo-10.3.20-1.mga7 lib64mariadb3-debuginfo-10.3.20-1.mga7 lib64mariadbd19-debuginfo-10.3.20-1.mga7 lib64mariadb-embedded-devel-debuginfo-10.3.20-1.mga7 Source RPMs: mariadb-10.3.20-1.mga7.src.rpm
Assignee: mageia => qa-bugs
CC: (none) => tmbQA Contact: (none) => securityComponent: RPM Packages => Security
Installed and tested without issues. Tested with: - MySQL Workbench; - phpMyAdmin; - mysql CLI; - Qt5 applications using the mysql plugin; - php scripts using PDO/mysql; - several simple and complex SQL scripts. Everything seems OK. No regressions noticed. $ uname -a Linux marte 5.3.11-desktop-1.mga7 #1 SMP Tue Nov 12 21:10:01 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ LANGUAGE=C urpmi mariadb Marking mariadb as manually installed, it won't be auto-orphaned writing /var/lib/rpm/installed-through-deps.list To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing") lib64mariadb3 10.3.20 1.mga7 x86_64 mariadb 10.3.20 1.mga7 x86_64 mariadb-client 10.3.20 1.mga7 x86_64 mariadb-common 10.3.20 1.mga7 x86_64 mariadb-common-core 10.3.20 1.mga7 x86_64 mariadb-core 10.3.20 1.mga7 x86_64 mariadb-extra 10.3.20 1.mga7 x86_64 106KB of additional disk space will be used. 14MB of packages will be retrieved. Proceed with the installation of the 7 packages? (Y/n) $ rpm -qa | grep -i maria lib64mariadb3-10.3.20-1.mga7 mariadb-10.3.20-1.mga7 mariadb-common-core-10.3.20-1.mga7 mariadb-extra-10.3.20-1.mga7 mariadb-client-10.3.20-1.mga7 mariadb-common-10.3.20-1.mga7 mariadb-core-10.3.20-1.mga7 $ systemctl restart mysqld.service $ systemctl status mysqld ● mysqld.service - MySQL database server Loaded: loaded (/usr/lib/systemd/system/mysqld.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2019-11-16 22:55:29 WET; 1min ago Process: 20954 ExecStartPre=/usr/sbin/mysqld-prepare-db-dir (code=exited, status=0/SUCCESS) Main PID: 20968 (mysqld) Status: "Taking your SQL requests now..." Memory: 70.3M CGroup: /system.slice/mysqld.service └─20968 /usr/sbin/mysqld nov 16 22:55:29 marte mysqld[20968]: 2019-11-16 22:55:29 0 [Note] InnoDB: 10.3.20 started; log sequence number 292591415; transaction id 893307 nov 16 22:55:29 marte mysqld[20968]: 2019-11-16 22:55:29 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool nov 16 22:55:29 marte mysqld[20968]: 191116 22:55:29 server_audit: MariaDB Audit Plugin version 1.4.8 STARTED. nov 16 22:55:29 marte mysqld[20968]: 191116 22:55:29 server_audit: Query cache is enabled with the TABLE events. Some table reads can be veiled.2019-11-16 22:55:29 0 [Note] Reading of all Master_info entries s> nov 16 22:55:29 marte mysqld[20968]: 2019-11-16 22:55:29 0 [Note] Added new Master_info '' to hash table nov 16 22:55:29 marte mysqld[20968]: 2019-11-16 22:55:29 0 [Note] /usr/sbin/mysqld: ready for connections. nov 16 22:55:29 marte mysqld[20968]: Version: '10.3.20-MariaDB' socket: '/var/lib/mysql/mysql.sock' port: 0 Mageia MariaDB Server nov 16 22:55:29 marte systemd[1]: Started MySQL database server. nov 16 22:55:29 marte mysqld[20968]: 2019-11-16 22:55:29 0 [Note] InnoDB: Buffer pool(s) load completed at 191116 22:55:29 $ mysql_upgrade -p --skip-write-binlog Enter password: Phase 1/7: Checking and upgrading mysql database Processing databases <SNIP>
CC: (none) => mageiaWhiteboard: (none) => MGA7-64-OK
Looks good enough to me. Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0335.html
Status: NEW => RESOLVEDResolution: (none) => FIXED