Security update for mariadb

Announcement ID: SUSE-SU-2017:2921-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-3636 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-3636 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-3636 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-3641 ( SUSE ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3641 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3641 ( NVD ): 4.9 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3653 ( SUSE ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
  • CVE-2017-3653 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
  • CVE-2017-3653 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products:
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 LTSS 12
  • SUSE Linux Enterprise Server for SAP Applications 12

An update that solves three vulnerabilities and has three security fixes can now be installed.

Description:

This update for mariadb fixes several issues.

These security issues were fixed:

  • CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service [bsc#1049399]
  • CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service [bsc#1049404]
  • CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access [bsc#1049417]

This non-security issues was fixed:

  • Add ODBC support for Connect engine [bsc#1039034]
  • fixed stack frame size detection for the bundled pcre [bsc#1058722]

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SAP-12-2017-1807=1
  • SUSE Linux Enterprise Server 12 LTSS 12
    zypper in -t patch SUSE-SLE-SERVER-12-2017-1807=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • mariadb-debuginfo-10.0.32-20.36.1
    • libmysqlclient_r18-10.0.32-20.36.1
    • libmysqlclient18-32bit-10.0.32-20.36.1
    • mariadb-errormessages-10.0.32-20.36.1
    • libmysqlclient18-debuginfo-10.0.32-20.36.1
    • mariadb-debugsource-10.0.32-20.36.1
    • libmysqld18-debuginfo-10.0.32-20.36.1
    • libmysqlclient18-debuginfo-32bit-10.0.32-20.36.1
    • libmysqlclient18-10.0.32-20.36.1
    • mariadb-client-debuginfo-10.0.32-20.36.1
    • libmysqld-devel-10.0.32-20.36.1
    • mariadb-10.0.32-20.36.1
    • mariadb-client-10.0.32-20.36.1
    • libmysqld18-10.0.32-20.36.1
    • libmysqlclient-devel-10.0.32-20.36.1
    • mariadb-tools-10.0.32-20.36.1
    • mariadb-tools-debuginfo-10.0.32-20.36.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
    • mariadb-debuginfo-10.0.32-20.36.1
    • libmysqlclient_r18-10.0.32-20.36.1
    • mariadb-errormessages-10.0.32-20.36.1
    • libmysqlclient18-debuginfo-10.0.32-20.36.1
    • mariadb-debugsource-10.0.32-20.36.1
    • libmysqld18-debuginfo-10.0.32-20.36.1
    • libmysqlclient18-10.0.32-20.36.1
    • mariadb-client-debuginfo-10.0.32-20.36.1
    • libmysqld-devel-10.0.32-20.36.1
    • mariadb-10.0.32-20.36.1
    • mariadb-client-10.0.32-20.36.1
    • libmysqld18-10.0.32-20.36.1
    • libmysqlclient-devel-10.0.32-20.36.1
    • mariadb-tools-10.0.32-20.36.1
    • mariadb-tools-debuginfo-10.0.32-20.36.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (s390x x86_64)
    • libmysqlclient18-debuginfo-32bit-10.0.32-20.36.1
    • libmysqlclient18-32bit-10.0.32-20.36.1

References: