Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in MariaDB
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in MariaDB
ID: FEDORA-2017-2c0609b92a
Distribution: Fedora
Plattformen: Fedora 25
Datum: Sa, 17. Juni 2017, 13:05
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3308
https://bugzilla.redhat.com/show_bug.cgi?id=1459671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3243

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2017-2c0609b92a
2017-06-16 13:14:53.497492
-------------------------------------------------------------------------------
-

Name : mariadb
Product : Fedora 25
Version : 10.1.24
Release : 3.fc25
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

-------------------------------------------------------------------------------
-
Update Information:

**Rebase to 10.1.24** Plugin oqgraph enabled Plugin jemalloc enabled
Sphinx engine enabled Build dependecies Bison and Libarchive added, others
corrected Disabling Mroonga engine for i686 architecture, as it is not
supported by MariaDB **Removed patches: (fixed by upstream)** Patch5:
%{pkgnamepatch}-file-contents.patch Patch14:
%{pkgnamepatch}-example-config-
files.patch Patch31: %{pkgnamepatch}-string-overflow.patch Patch32:
%{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-cluster-
help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308 CVE-2017-3309
CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 **Testsuite** Enabled
'--big-test' option for the testsuite Disabled '--skip-rpl'
option for the
testsuite = replication tests enabled **Warning** Some Spider tests
started to fail, the engine can be probabbly unsafe now. **Aditional bugs
solved:** #1459671: mariadb fails to start with tokudb; jemalloc not
correctly enabled ---- **Rebase to 10.1.24** Plugin oqgraph enabled
Plugin jemalloc enabled Sphinx engine enabled Build dependecies Bison
and Libarchive added, others corrected Disabling Mroonga engine for i686
architecture, as it is not supported by MariaDB **Removed patches: (fixed by
upstream)** Patch5: %{pkgnamepatch}-file-contents.patch Patch14:
%{pkgnamepatch}-example-config-files.patch Patch31:
%{pkgnamepatch}-string-
overflow.patch Patch32: %{pkgnamepatch}-basedir.patch Patch41:
%{pkgnamepatch}-galera-new-cluster-help.patch **CVEs fix** CVE-2017-3313
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456
CVE-2017-3464 **Testsuite** Enabled '--big-test' option for the
testsuite
Disabled '--skip-rpl' option for the testsuite = replication tests
enabled
**Warning** Some Spider tests started to fail, the engine can be probabbly
unsafe now. **Aditional bugs solved:** #1459671: mariadb fails to start
with tokudb; jemalloc not correctly enabled ---- **Rebase to 10.1.24**
Plugin oqgraph enabled Plugin jemalloc enabled Sphinx engine enabled
Build dependecies Bison and Libarchive added, others corrected Disabling
Mroonga engine for i686 architecture, as it is not supported by MariaDB
**Removed patches: (fixed by upstream)** Patch5: %{pkgnamepatch}-file-
contents.patch Patch14: %{pkgnamepatch}-example-config-files.patch
Patch31: %{pkgnamepatch}-string-overflow.patch Patch32:
%{pkgnamepatch}-basedir.patch Patch41: %{pkgnamepatch}-galera-new-
cluster-help.patch **CVEs fix** CVE-2017-3313 CVE-2017-3308
CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
**Testsuite** Enabled '--big-test' option for the testsuite
Disabled
'--skip-rpl' option for the testsuite = replication tests enabled
**Warning**
Some Spider tests started to fail, the engine can be probabbly unsafe now.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1414387 - CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257
CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 mariadb: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1414387
[ 2 ] Bug #1459671 - mariadb fails to start with tokudb; jemalloc not
correctly enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1459671
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mariadb' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung