drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in MariaDB
Name: |
Unsichere Verwendung temporärer Dateien in MariaDB |
|
ID: |
FEDORA-2014-9942 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Mi, 10. September 2014, 18:52 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
MariaDB |
|
Originalnachricht |
Name : mariadb Product : Fedora 19 Version : 5.5.39 Release : 1.fc19 URL : http://mariadb.org Summary : A community developed branch of MySQL Description : MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files.
------------------------------------------------------------------------------- - Update Information:
This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5539-changelog and also an unspecified MyISAM temporary file issue. ------------------------------------------------------------------------------- - ChangeLog:
* Fri Aug 22 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.39-1 - Update to 5.5.39 * Fri Jun 27 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-3 - Add compatible libmysqlclient_18 version for symbols Resolves: #1111776 * Thu Jun 19 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-2 - Enable TokuDB engine for x86_64 - Re-enable tokudb_innodb_xa_crash again, seems to be fixed now Resolves: #1074488 * Wed Jun 18 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-1 - Rebase to 5.5.38 https://kb.askmonty.org/en/mariadb-5538-changelog/ * Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.37-1 - Update to MariaDB 5.5.37, for various fixes described at https://kb.askmonty.org/en/mariadb-5537-changelog/ Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419 * Thu Mar 6 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.36-1 - Rebase to 5.5.36 https://kb.askmonty.org/en/mariadb-5536-changelog/ * Wed Feb 5 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-2 - Do not touch the log file in post script, so it does not get wrong owner Resolves: #1061045 * Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-1 - Rebase to 5.5.35 https://kb.askmonty.org/en/mariadb-5535-changelog/ Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401, CVE-2014-0402 Resolves: #1054043 Resolves: #1059546 * Wed Jan 8 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-4 - Read socketfile location in mariadb-prepare-db-dir script * Mon Jan 6 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-3 - Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl which now makes mariadb/mysql FTBFS because openssl_1 test fails Related: #1044565 - Check if socket file is not being used by another process at a time of starting the service Related: #1045435 * Wed Nov 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-2 - Fix mariadb-wait-ready script * Fri Nov 22 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-1 - Rebase to 5.5.34 * Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-4 - Fix spec file to be ready for backport by Oden Eriksson Resolves: #1026404 * Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-3 - Add pam-devel to build-requires in order to build Related: #1019945 - Check if correct process is running in mysql-wait-ready script Related: #1026313 * Thu Oct 10 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-1 - Rebase to 5.5.33a https://kb.askmonty.org/en/mariadb-5533-changelog/ https://kb.askmonty.org/en/mariadb-5533a-changelog/ - Enable outfile_loaddata test - Disable tokudb_innodb_xa_crash test * Wed Aug 14 2013 Rex Dieter <rdieter@fedoraproject.org> 1:5.5.32-8 - fix alternatives usage * Tue Aug 13 2013 Honza Horak <hhorak@redhat.com> - 1:5.5.32-7 - Multilib issues solved by alternatives Resolves: #986959 * Tue Jul 30 2013 Honza Horak <hhorak@redhat.com> - 1:5.5.32-6 - Remove unneeded systemd-sysv requires - Provide mysql-compat-server symbol - Create mariadb.service symlink - Fix multilib header location for arm - Enhance documentation in the unit file - Use scriptstub instead of links to avoid multilib conflicts - Add condition for doc placement in F20+ * Sun Jul 28 2013 Dennis Gilmore <dennis@ausil.us> - 1:5.5.32-5 - remove "Requires(pretrans): systemd" since its not possible - when installing mariadb and systemd at the same time. as in a new install * Sat Jul 27 2013 Kevin Fenzi <kevin@scrye.com> 1:5.5.32-4 - Set rpm doc macro to install docs in unversioned dir * Fri Jul 26 2013 Dennis Gilmore <dennis@ausil.us> 1:5.5.32-3 - add Requires(pre) on systemd for the server package * Tue Jul 23 2013 Dennis Gilmore <dennis@ausil.us> 1:5.5.32-2 - replace systemd-units requires with systemd - remove solaris files * Fri Jul 19 2013 Honza Horak <hhorak@redhat.com> 1:5.5.32-1 - Rebase to 5.5.32 https://kb.askmonty.org/en/mariadb-5532-changelog/ - Clean-up un-necessary systemd snippets * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1:5.5.31-7 - Perl 5.18 rebuild * Mon Jul 1 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-6 - Test suite params enhanced to decrease server condition influence - Fix misleading error message when uninstalling built-in plugins Related: #966873 * Thu Jun 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-5 - Apply fixes found by Coverity static analysis tool * Wed Jun 19 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-4 - Do not use pretrans scriptlet, which doesn't work in anaconda Resolves: #975348 * Fri Jun 14 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-3 - Explicitly enable mysqld if it was enabled in the beggining of the transaction. * Thu Jun 13 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-2 - Apply man page fix from Jan Stanek ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1126271 - mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20 https://bugzilla.redhat.com/show_bug.cgi?id=1126271 [ 2 ] Bug #1126272 - mysql: yaSSL off-by-one when decoding dates form X.509 certificates https://bugzilla.redhat.com/show_bug.cgi?id=1126272 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update mariadb' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|