Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in MariaDB
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in MariaDB
ID: FEDORA-2018-d955395c08
Distribution: Fedora
Plattformen: Fedora 26
Datum: Di, 22. Mai 2018, 18:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
Applikationen: MariaDB

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-d955395c08
2018-05-22 14:28:36.839341
-------------------------------------------------------------------------------
-

Name : mariadb
Product : Fedora 26
Version : 10.1.33
Release : 1.fc26
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

-------------------------------------------------------------------------------
-
Update Information:

**Update to 10.1.33** . **Release notes:**
https://mariadb.com/kb/en/library/mariadb-10133-release-notes/ **CVEs fixed:**
CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817
CVE-2018-2819
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu May 10 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.33-1
- Rebase to 10.1.33
* Thu Mar 29 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.32-2
- Move my_print_defaults from client to server to not collide with
community-mysql package
- Support --defaults-group-suffix properly in systemd unit file
Resolves: #1485777 #1540109
* Thu Mar 29 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.32-1
- Rebase to 10.1.32
* Thu Jan 25 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.31-1
- Rebase to 10.1.31
* Thu Jan 25 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.30-2
- Use downstream tmpfiles instead of the upstream one
Related: #1538066
* Tue Jan 9 2018 Michal Schorm <mschorm@redhat.com> - 3:10.1.30-1
- Fix cmake arguments (blocked debug builds)
- Fix loading of skipped tests files (omitted ppc list)
* Sat Dec 23 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.30-1
- Rebase to 10.1.30
* Tue Nov 21 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.29-1
- Rebase to 10.1.29
* Wed Oct 4 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.28-1
- Rebase to 10.1.28
* Mon Aug 14 2017 Honza Horak <hhorak@redhat.com> - 3:10.1.26-2
- Backport openssl 1.1 support from MariaDB 10.2
* Mon Aug 14 2017 Honza Horak <hhorak@redhat.com> - 3:10.1.26-1
- Upgrade to 10.1.26
* Mon Jul 10 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.25-2
- Disable DTrace
- Remove mysql-wait-* scripts. They aren't needed when using systemd
"Type=notify"
* Mon Jul 10 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.25-1
- Rebase to 10.1.25
- Disable plugins 'cracklib' and 'gssapi' by default
- Related: #1468028, #1464070
- Looks like the testsuite removes its 'var' content correctly,
no need to do that explicitly.
* Fri Jul 7 2017 Igor Gnatenko <ignatenko@redhat.com> - 3:10.1.24-5
- Rebuild due to bug in RPM (RHBZ #1468476)
* Mon Jun 19 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.24-4
- Use "/run" location instead of "/var/run" symlink
- Related: #1455811
- Remove AppArmor files
* Fri Jun 9 2017 Honza Horak <hhorak@redhat.com> - 3:10.1.24-3
- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
- Resolves: #1458940
- Check properly that datadir includes only expected files
- Related: #1356897
* Wed Jun 7 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.24-2
- Fixed incorrect Jemalloc initialization; #1459671
* Fri Jun 2 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.24-1
- Rebase to 10.1.24
- Build dependecies Bison and Libarchive added, others corrected
- Disabling Mroonga engine for i686 architecture, as it is not supported by
MariaDB
- Removed patches: (fixed by upstream)
Patch5: mariadb-file-contents.patch
Patch14: mariadb-example-config-files.patch
Patch31: mariadb-string-overflow.patch
Patch32: mariadb-basedir.patch
Patch41: mariadb-galera-new-cluster-help.patch
- Resolves: rhbz#1414387
CVE-2017-3313
- Resolves partly: rhbz#1443408
CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
* Tue May 23 2017 Michal Schorm <mschorm@redhat.com> - 3:10.1.21-6
- Plugin oqgraph enabled
- Plugin jemalloc enabled
- 'force' option for 'rm' removed
- Enabled '--big-test' option for the testsuite
- Disabled '--skip-rpl' option for the testsuite = replication tests
enabled
- Multilib manpage added
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1568964 - CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771
CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 mariadb: various flaws [fedora-26]
https://bugzilla.redhat.com/show_bug.cgi?id=1568964
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-d955395c08' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7UF6XVJNCHPSN5BBYHUX267XZGFVP5P/
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung