
Security: Multiple issues in MariaDB
Name: Multiple issues in MariaDB
ID: FEDORA-2014-16003
Distribution: Fedora
Platforms: Fedora 20
Date: Fri, 12 December 2014, 07:56
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564
Applications: MariaDB

Original message

Name        : mariadb
Product : Fedora 20
Version : 5.5.40
Release : 1.fc20
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540-changelog and also a couple of security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 14 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.40-1
- Rebase to 5.5.40
* Fri Aug 22 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.39-1
- Update to 5.5.39
* Fri Jun 27 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-3
- Add compatible libmysqlclient_18 version for symbols
Resolves: #1111776
* Thu Jun 19 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-2
- Enable TokuDB engine for x86_64
- Re-enable tokudb_innodb_xa_crash again, seems to be fixed now
Resolves: #1074488
* Wed Jun 18 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.38-1
- Rebase to 5.5.38
https://kb.askmonty.org/en/mariadb-5538-changelog/
* Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.37-1
- Update to MariaDB 5.5.37, for various fixes described at
https://kb.askmonty.org/en/mariadb-5537-changelog/
Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Thu Mar 6 2014 Honza Horak <hhorak@redhat.com> - 1:5.5.36-1
- Rebase to 5.5.36
https://kb.askmonty.org/en/mariadb-5536-changelog/
* Wed Feb 5 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-3
- Do not touch the log file in post script, so it does not get wrong owner
Resolves: #1061045
* Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-1
- Rebase to 5.5.35
https://kb.askmonty.org/en/mariadb-5535-changelog/
Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
CVE-2014-0402
Resolves: #1054043
Resolves: #1059546
* Wed Jan 8 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-4
- Read socketfile location in mariadb-prepare-db-dir script
* Mon Jan 6 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-3
- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
which now makes mariadb/mysql FTBFS because openssl_1 test fails
Related: #1044565
- Check if socket file is not being used by another process at a time
of starting the service
Related: #1045435
- Use %ghost directive for the log file
Related: 1043501
* Wed Nov 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-2
- Fix mariadb-wait-ready script
* Fri Nov 22 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-1
- Rebase to 5.5.34
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-4
- Fix spec file to be ready for backport by Oden Eriksson
Resolves: #1026404
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-3
- Add pam-devel to build-requires in order to build
Related: #1019945
- Check if correct process is running in mysql-wait-ready script
Related: #1026313
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1153461 - CVE-2014-4287 mysql: unspecified vulnerability related
to SERVER:CHARACTER SETS (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153461
[ 2 ] Bug #1153462 - CVE-2014-6463 mysql: unspecified vulnerability related
to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153462
[ 3 ] Bug #1153463 - CVE-2014-6464 mysql: unspecified vulnerability related
to SERVER:INNODB DML FOREIGN KEYS (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153463
[ 4 ] Bug #1153464 - CVE-2014-6469 mysql: unspecified vulnerability related
to SERVER:OPTIMIZER (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153464
[ 5 ] Bug #1153467 - CVE-2014-6484 mysql: unspecified vulnerability related
to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153467
[ 6 ] Bug #1153489 - CVE-2014-6505 mysql: unspecified vulnerability related
to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153489
[ 7 ] Bug #1153490 - CVE-2014-6507 mysql: unspecified vulnerability related
to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153490
[ 8 ] Bug #1153491 - CVE-2014-6520 mysql: unspecified vulnerability related
to SERVER:DDL (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153491
[ 9 ] Bug #1153493 - CVE-2014-6530 mysql: unspecified vulnerability related
to CLIENT:MYSQLDUMP (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153493
[ 10 ] Bug #1153494 - CVE-2014-6551 mysql: unspecified vulnerability related
to CLIENT:MYSQLADMIN (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153494
[ 11 ] Bug #1153495 - CVE-2014-6555 mysql: unspecified vulnerability related
to SERVER:DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153495
[ 12 ] Bug #1153496 - CVE-2014-6559 mysql: unspecified vulnerability related
to C API SSL CERTIFICATE HANDLING (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153496
[ 13 ] Bug #1153497 - CVE-2014-6564 mysql: unspecified vulnerability related
to SERVER:INNODB FULLTEXT SEARCH DML (CPU October 2014)
https://bugzilla.redhat.com/show_bug.cgi?id=1153497
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update mariadb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce