Issued:

2018-08-16

Updated:

2018-08-16

RHSA-2018:2439 - Moderate: mariadb security and bug fix update

Synopsis

Moderate: mariadb security and bug fix update

Type/Severity

Security Advisory Moderate

Topic

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

• mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

• mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

• mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

• mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

• mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

• mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

• mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

• mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

• mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

• mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

• mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

• mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

• mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

• mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

• mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

• mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

• mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

• mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

• mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

• mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

• mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Affected Products

Updated Packages

• mariadb-embedded-devel-5.5.60-1.el7_5.ppc.rpm
• mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
• mariadb-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-5.5.60-1.el7_5.src.rpm
• mariadb-test-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-embedded-5.5.60-1.el7_5.s390.rpm
• mariadb-libs-5.5.60-1.el7_5.aarch64.rpm
• mariadb-libs-5.5.60-1.el7_5.i686.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.ppc.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
• mariadb-devel-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-embedded-5.5.60-1.el7_5.s390x.rpm
• mariadb-test-5.5.60-1.el7_5.ppc64.rpm
• mariadb-5.5.60-1.el7_5.ppc64.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.aarch64.rpm
• mariadb-test-5.5.60-1.el7_5.x86_64.rpm
• mariadb-5.5.60-1.el7_5.s390x.rpm
• mariadb-test-5.5.60-1.el7_5.s390x.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.ppc64.rpm
• mariadb-embedded-5.5.60-1.el7_5.ppc64.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-5.5.60-1.el7_5.x86_64.rpm
• mariadb-embedded-5.5.60-1.el7_5.ppc.rpm
• mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
• mariadb-libs-5.5.60-1.el7_5.ppc.rpm
• mariadb-libs-5.5.60-1.el7_5.ppc64.rpm
• mariadb-embedded-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-server-5.5.60-1.el7_5.x86_64.rpm
• mariadb-devel-5.5.60-1.el7_5.ppc.rpm
• mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
• mariadb-devel-5.5.60-1.el7_5.s390x.rpm
• mariadb-libs-5.5.60-1.el7_5.s390x.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
• mariadb-server-5.5.60-1.el7_5.s390x.rpm
• mariadb-libs-5.5.60-1.el7_5.s390.rpm
• mariadb-devel-5.5.60-1.el7_5.aarch64.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
• mariadb-devel-5.5.60-1.el7_5.i686.rpm
• mariadb-embedded-5.5.60-1.el7_5.aarch64.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.s390x.rpm
• mariadb-devel-5.5.60-1.el7_5.ppc64.rpm
• mariadb-bench-5.5.60-1.el7_5.s390x.rpm
• mariadb-server-5.5.60-1.el7_5.aarch64.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.ppc64.rpm
• mariadb-devel-5.5.60-1.el7_5.s390.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
• mariadb-server-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-5.5.60-1.el7_5.aarch64.rpm
• mariadb-test-5.5.60-1.el7_5.aarch64.rpm
• mariadb-libs-5.5.60-1.el7_5.ppc64le.rpm
• mariadb-debuginfo-5.5.60-1.el7_5.aarch64.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
• mariadb-embedded-5.5.60-1.el7_5.i686.rpm
• mariadb-embedded-devel-5.5.60-1.el7_5.s390.rpm
• mariadb-bench-5.5.60-1.el7_5.aarch64.rpm
• mariadb-server-5.5.60-1.el7_5.ppc64.rpm
• mariadb-bench-5.5.60-1.el7_5.ppc64.rpm

Fixes

• This content is not included.BZ - 1472686
• This content is not included.BZ - 1472693
• This content is not included.BZ - 1472708
• This content is not included.BZ - 1472711
• This content is not included.BZ - 1503656
• This content is not included.BZ - 1503684
• This content is not included.BZ - 1503685
• This content is not included.BZ - 1503686
• This content is not included.BZ - 1535484
• This content is not included.BZ - 1535499
• This content is not included.BZ - 1535500
• This content is not included.BZ - 1535504
• This content is not included.BZ - 1535506
• This content is not included.BZ - 1564965
• This content is not included.BZ - 1568921
• This content is not included.BZ - 1568924
• This content is not included.BZ - 1568931
• This content is not included.BZ - 1568942
• This content is not included.BZ - 1568951
• This content is not included.BZ - 1568954
• This content is not included.BZ - 1568956
• This content is not included.BZ - 1584023
• This content is not included.BZ - 1584024
• This content is not included.BZ - 1584029

CVEs

• CVE-2017-3636
• CVE-2017-3641
• CVE-2017-3651
• CVE-2017-3653
• CVE-2017-10268
• CVE-2017-10378
• CVE-2017-10379
• CVE-2017-10384
• CVE-2018-2562
• CVE-2018-2622
• CVE-2018-2640
• CVE-2018-2665
• CVE-2018-2668
• CVE-2018-2755
• CVE-2018-2761
• CVE-2018-2767
• CVE-2018-2771
• CVE-2018-2781
• CVE-2018-2813
• CVE-2018-2817
• CVE-2018-2819
• CVE-2018-3133
• CVE-2019-2455

References

• https://access.redhat.com/security/updates/classification/#moderate

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.