Security update for mariadb
Announcement ID: | SUSE-SU-2018:1382-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 12 vulnerabilities can now be installed.
Description:
MariaDB was updated to 10.0.35 (bsc#1090518)
Notable changes:
- PCRE updated to 8.42
- XtraDB updated to 5.6.39-83.1
- TokuDB updated to 5.6.39-83.1
- InnoDB updated to 5.6.40
- The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767]
- MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE
- MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state
- MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index
- MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record
- fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813
-
Release notes and changelog:
- https://kb.askmonty.org/en/mariadb-10035-release-notes
- https://kb.askmonty.org/en/mariadb-10035-changelog
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 12 LTSS 12
zypper in -t patch SUSE-SLE-SERVER-12-2018-966=1
Package List:
-
SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
- libmysqld-devel-10.0.35-20.46.1
- mariadb-tools-debuginfo-10.0.35-20.46.1
- libmysqlclient18-debuginfo-10.0.35-20.46.1
- mariadb-errormessages-10.0.35-20.46.1
- libmysqlclient18-10.0.35-20.46.1
- libmysqld18-debuginfo-10.0.35-20.46.1
- libmysqlclient_r18-10.0.35-20.46.1
- libmysqlclient-devel-10.0.35-20.46.1
- mariadb-tools-10.0.35-20.46.1
- libmysqld18-10.0.35-20.46.1
- mariadb-client-debuginfo-10.0.35-20.46.1
- mariadb-10.0.35-20.46.1
- mariadb-debugsource-10.0.35-20.46.1
- mariadb-debuginfo-10.0.35-20.46.1
- mariadb-client-10.0.35-20.46.1
-
SUSE Linux Enterprise Server 12 LTSS 12 (s390x x86_64)
- libmysqlclient18-debuginfo-32bit-10.0.35-20.46.1
- libmysqlclient18-32bit-10.0.35-20.46.1
References:
- https://www.suse.com/security/cve/CVE-2018-2755.html
- https://www.suse.com/security/cve/CVE-2018-2761.html
- https://www.suse.com/security/cve/CVE-2018-2766.html
- https://www.suse.com/security/cve/CVE-2018-2767.html
- https://www.suse.com/security/cve/CVE-2018-2771.html
- https://www.suse.com/security/cve/CVE-2018-2781.html
- https://www.suse.com/security/cve/CVE-2018-2782.html
- https://www.suse.com/security/cve/CVE-2018-2784.html
- https://www.suse.com/security/cve/CVE-2018-2787.html
- https://www.suse.com/security/cve/CVE-2018-2813.html
- https://www.suse.com/security/cve/CVE-2018-2817.html
- https://www.suse.com/security/cve/CVE-2018-2819.html
- https://bugzilla.suse.com/show_bug.cgi?id=1088681
- https://bugzilla.suse.com/show_bug.cgi?id=1090518