Security update for mariadb

Announcement ID: SUSE-SU-2017:1311-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-3302 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3313 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-3313 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 LTSS 12
  • SUSE Linux Enterprise Server for SAP Applications 12

An update that solves two vulnerabilities and has two security fixes can now be installed.

Description:

This update for mariadb fixes the following issues:

  • update to MariaDB 10.0.30 GA
  • notable changes:
    • XtraDB updated to 5.6.35-80.0
    • TokuDB updated to 5.6.35-80.0
    • PCRE updated to 8.40
    • MDEV-11027: better InnoDB crash recovery progress reporting
    • MDEV-11520: improvements to how InnoDB data files are extended
    • Improvements to InnoDB startup/shutdown to make it more robust
    • MDEV-11233: fix for FULLTEXT index crash
    • MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename
  • release notes and changelog:
    • https://kb.askmonty.org/en/mariadb-10030-release-notes
    • https://kb.askmonty.org/en/mariadb-10030-changelog
  • fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428]
  • set the default umask to 077 in rc.mysql-multi [bsc#1020976]
  • [bsc#1034911] - tracker bug
  • increase build disk size from 10 GB to 13 GB in order to fix build for aarch64

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SAP-12-2017-792=1
  • SUSE Linux Enterprise Server 12 LTSS 12
    zypper in -t patch SUSE-SLE-SERVER-12-2017-792=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • libmysqlclient18-debuginfo-32bit-10.0.30-20.26.1
    • libmysqld18-debuginfo-10.0.30-20.26.1
    • libmysqlclient18-debuginfo-10.0.30-20.26.1
    • mariadb-tools-debuginfo-10.0.30-20.26.1
    • mariadb-debugsource-10.0.30-20.26.1
    • libmysqlclient-devel-10.0.30-20.26.1
    • libmysqld18-10.0.30-20.26.1
    • mariadb-10.0.30-20.26.1
    • mariadb-client-debuginfo-10.0.30-20.26.1
    • mariadb-errormessages-10.0.30-20.26.1
    • mariadb-client-10.0.30-20.26.1
    • libmysqld-devel-10.0.30-20.26.1
    • libmysqlclient18-10.0.30-20.26.1
    • libmysqlclient18-32bit-10.0.30-20.26.1
    • mariadb-tools-10.0.30-20.26.1
    • mariadb-debuginfo-10.0.30-20.26.1
    • libmysqlclient_r18-10.0.30-20.26.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (x86_64)
    • libmysqlclient18-debuginfo-32bit-10.0.30-20.26.1
    • libmysqld18-debuginfo-10.0.30-20.26.1
    • libmysqlclient18-debuginfo-10.0.30-20.26.1
    • mariadb-tools-debuginfo-10.0.30-20.26.1
    • mariadb-debugsource-10.0.30-20.26.1
    • libmysqlclient-devel-10.0.30-20.26.1
    • libmysqld18-10.0.30-20.26.1
    • mariadb-10.0.30-20.26.1
    • mariadb-client-debuginfo-10.0.30-20.26.1
    • mariadb-errormessages-10.0.30-20.26.1
    • mariadb-client-10.0.30-20.26.1
    • libmysqld-devel-10.0.30-20.26.1
    • libmysqlclient18-10.0.30-20.26.1
    • libmysqlclient18-32bit-10.0.30-20.26.1
    • mariadb-tools-10.0.30-20.26.1
    • mariadb-debuginfo-10.0.30-20.26.1
    • libmysqlclient_r18-10.0.30-20.26.1

References: