Security update for mariadb, mariadb-connector-c

Announcement ID:	SUSE-SU-2019:2330-1
Rating:	important
References:	bsc#1126088 bsc#1132666 bsc#1136035 bsc#1143215
Cross-References:	CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
CVSS scores:	CVE-2019-2614 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2614 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2614 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2627 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2627 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2627 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2628 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2628 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2019-2628 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities and has one security fix can now be installed.

Description:

This update for mariadb and mariadb-connector-c fixes the following issues:

mariadb:

Update to version 10.2.25 (bsc#1136035)
CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035).
CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035).
CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
Adjust mysql-systemd-helper ("shutdown protected MySQL" section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to "found left-over process" situation when regular mariadb is started (bsc#1143215).

mariadb-connector-c:

Update to version 3.1.2 (bsc#1136035)
Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2330=1
SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2330=1
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP4
zypper in -t patch SUSE-SLE-BSK-12-SP4-2019-2330=1
SUSE Linux Enterprise Desktop 12 SP4
zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2330=1
SUSE Linux Enterprise High Performance Computing 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2330=1
SUSE Linux Enterprise Server 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2330=1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2330=1

Package List:

SUSE OpenStack Cloud 9 (x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-galera-10.2.25-3.19.2
SUSE OpenStack Cloud Crowbar 9 (x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-galera-10.2.25-3.19.2
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP4 (ppc64le s390x x86_64)
- mariadb-test-10.2.25-3.19.2
- mariadb-bench-debuginfo-10.2.25-3.19.2
- mariadb-test-debuginfo-10.2.25-3.19.2
- mariadb-bench-10.2.25-3.19.2
SUSE Linux Enterprise Desktop 12 SP4 (x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-3.1.2-2.6.6
- libmariadb3-debuginfo-3.1.2-2.6.6
- mariadb-client-10.2.25-3.19.2
- libmariadb3-3.1.2-2.6.6
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-10.2.25-3.19.2
- mariadb-connector-c-debugsource-3.1.2-2.6.6
- mariadb-client-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-debuginfo-3.1.2-2.6.6
SUSE Linux Enterprise Desktop 12 SP4 (noarch)
- mariadb-errormessages-10.2.25-3.19.2
SUSE Linux Enterprise High Performance Computing 12 SP4 (aarch64 x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- mariadb-tools-10.2.25-3.19.2
- mariadb-tools-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-3.1.2-2.6.6
- libmariadb3-debuginfo-3.1.2-2.6.6
- mariadb-client-10.2.25-3.19.2
- libmariadb3-3.1.2-2.6.6
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-10.2.25-3.19.2
- mariadb-connector-c-debugsource-3.1.2-2.6.6
- mariadb-client-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-debuginfo-3.1.2-2.6.6
SUSE Linux Enterprise High Performance Computing 12 SP4 (noarch)
- mariadb-errormessages-10.2.25-3.19.2
SUSE Linux Enterprise Server 12 SP4 (aarch64 ppc64le s390x x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- mariadb-tools-10.2.25-3.19.2
- mariadb-tools-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-3.1.2-2.6.6
- libmariadb3-debuginfo-3.1.2-2.6.6
- mariadb-client-10.2.25-3.19.2
- libmariadb3-3.1.2-2.6.6
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-10.2.25-3.19.2
- mariadb-connector-c-debugsource-3.1.2-2.6.6
- mariadb-client-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-debuginfo-3.1.2-2.6.6
SUSE Linux Enterprise Server 12 SP4 (noarch)
- mariadb-errormessages-10.2.25-3.19.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
- mariadb-debuginfo-10.2.25-3.19.2
- mariadb-tools-10.2.25-3.19.2
- mariadb-tools-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-3.1.2-2.6.6
- libmariadb3-debuginfo-3.1.2-2.6.6
- mariadb-client-10.2.25-3.19.2
- libmariadb3-3.1.2-2.6.6
- mariadb-debugsource-10.2.25-3.19.2
- mariadb-10.2.25-3.19.2
- mariadb-connector-c-debugsource-3.1.2-2.6.6
- mariadb-client-debuginfo-10.2.25-3.19.2
- libmariadb_plugins-debuginfo-3.1.2-2.6.6
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
- mariadb-errormessages-10.2.25-3.19.2

Security update for mariadb, mariadb-connector-c

Description:

Patch Instructions:

Package List:

References: