
Security vulnerabilities in the mariadb software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2018-d955395c08
2018-05-22 14:28:36.839341
——————————————————————————–

Name : mariadb
Product : Fedora 26
Version : 10.1.33
Release : 1.fc26
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

——————————————————————————–
Update Information:

**Update to 10.1.33**. **Release notes:**
https://mariadb.com/kb/en/library/mariadb-10133-release-notes/ **CVEs fixed:**
CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819
——————————————————————————–
ChangeLog:

* Thu May 10 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.33-1
– Rebase to 10.1.33
* Thu Mar 29 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.32-2
– Move my_print_defaults from client to server to not collide with community-mysql package
– Support --defaults-group-suffix properly in systemd unit file
Resolves: #1485777 #1540109
* Thu Mar 29 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.32-1
– Rebase to 10.1.32
* Thu Jan 25 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.31-1
– Rebase to 10.1.31
* Thu Jan 25 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.30-2
– Use downstream tmpfiles instead of the upstream one
Related: #1538066
* Tue Jan 9 2018 Michal Schorm <mschorm@redhat.com> – 3:10.1.30-1
– Fix cmake arguments (blocked debug builds)
– Fix loading of skipped tests files (omitted ppc list)
* Sat Dec 23 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.30-1
– Rebase to 10.1.30
* Tue Nov 21 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.29-1
– Rebase to 10.1.29
* Wed Oct 4 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.28-1
– Rebase to 10.1.28
* Mon Aug 14 2017 Honza Horak <hhorak@redhat.com> – 3:10.1.26-2
– Backport openssl 1.1 support from MariaDB 10.2
* Mon Aug 14 2017 Honza Horak <hhorak@redhat.com> – 3:10.1.26-1
– Upgrade to 10.1.26
* Mon Jul 10 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.25-2
– Disable DTrace
– Remove mysql-wait-* scripts. They aren’t needed when using systemd “Type=notify”
* Mon Jul 10 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.25-1
– Rebase to 10.1.25
– Disable plugins ‘cracklib’ and ‘gssapi’ by default
– Related: #1468028, #1464070
– Looks like the testsuite removes its ‘var’ content correctly,
no need to do that explicitly.
* Fri Jul 7 2017 Igor Gnatenko <ignatenko@redhat.com> – 3:10.1.24-5
– Rebuild due to bug in RPM (RHBZ #1468476)
* Mon Jun 19 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.24-4
– Use “/run” location instead of “/var/run” symlink
– Related: #1455811
– Remove AppArmor files
* Fri Jun 9 2017 Honza Horak <hhorak@redhat.com> – 3:10.1.24-3
– Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
– Resolves: #1458940
– Check properly that datadir includes only expected files
– Related: #1356897
* Wed Jun 7 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.24-2
– Fixed incorrect Jemalloc initialization; #1459671
* Fri Jun 2 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.24-1
– Rebase to 10.1.24
– Build dependencies Bison and Libarchive added, others corrected
– Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB
– Removed patches: (fixed by upstream)
Patch5: mariadb-file-contents.patch
Patch14: mariadb-example-config-files.patch
Patch31: mariadb-string-overflow.patch
Patch32: mariadb-basedir.patch
Patch41: mariadb-galera-new-cluster-help.patch
– Resolves: rhbz#1414387
CVE-2017-3313
– Resolves partly: rhbz#1443408
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
* Tue May 23 2017 Michal Schorm <mschorm@redhat.com> – 3:10.1.21-6
– Plugin oqgraph enabled
– Plugin jemalloc enabled
– ‘force’ option for ‘rm’ removed
– Enabled ‘--big-test’ option for the testsuite
– Disabled ‘--skip-rpl’ option for the testsuite = replication tests enabled
– Multilib manpage added
——————————————————————————–
References:

[ 1 ] Bug #1568964 – CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-26]
https://bugzilla.redhat.com/show_bug.cgi?id=1568964
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-d955395c08' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/

Author: Danijel Kozinovic
Cert ID: NCERT-REF-2018-05-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe