[SECURITY] [DSA 3955-1] mariadb-10.1 security update

2017-08-2614:01:33

lists.debian.org

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3955-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 26, 2017 https://www.debian.org/security/faq

Package : mariadb-10.1
CVE ID : CVE-2017-3636 CVE-2017-3641 CVE-2017-3653

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.1.26. Please see the MariaDB 10.1 Release Notes for further
details:

https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10125-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10126-release-notes/

For the stable distribution (stretch), these problems have been fixed in
version 10.1.26-0+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 10.1.26-1.

We recommend that you upgrade your mariadb-10.1 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armelmariadb-plugin-cracklib-password-check-dbgsym< 10.1.26-0+deb9u1mariadb-plugin-cracklib-password-check-dbgsym_10.1.26-0+deb9u1_armel.deb
Debian8s390xmysql-server-5.5< 5.5.57-0+deb8u1mysql-server-5.5_5.5.57-0+deb8u1_s390x.deb
Debian9mipselmariadb-plugin-cracklib-password-check-dbgsym< 10.1.26-0+deb9u1mariadb-plugin-cracklib-password-check-dbgsym_10.1.26-0+deb9u1_mipsel.deb
Debian7amd64libmysqlclient18< 5.5.57-0+deb7u1libmysqlclient18_5.5.57-0+deb7u1_amd64.deb
Debian7allmysql-client< 5.5.57-0+deb7u1mysql-client_5.5.57-0+deb7u1_all.deb
Debian8ppc64elmysql-testsuite-5.5< 5.5.57-0+deb8u1mysql-testsuite-5.5_5.5.57-0+deb8u1_ppc64el.deb
Debian9amd64mariadb-server-core-10.1< 10.1.26-0+deb9u1mariadb-server-core-10.1_10.1.26-0+deb9u1_amd64.deb
Debian9ppc64elmariadb-plugin-connect< 10.1.26-0+deb9u1mariadb-plugin-connect_10.1.26-0+deb9u1_ppc64el.deb
Debian9armhfmariadb-plugin-mroonga< 10.1.26-0+deb9u1mariadb-plugin-mroonga_10.1.26-0+deb9u1_armhf.deb
Debian9mipselmariadb-plugin-cracklib-password-check< 10.1.26-0+deb9u1mariadb-plugin-cracklib-password-check_10.1.26-0+deb9u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	mariadb-plugin-cracklib-password-check-dbgsym	< 10.1.26-0+deb9u1	mariadb-plugin-cracklib-password-check-dbgsym_10.1.26-0+deb9u1_armel.deb
Debian	8	s390x	mysql-server-5.5	< 5.5.57-0+deb8u1	mysql-server-5.5_5.5.57-0+deb8u1_s390x.deb
Debian	9	mipsel	mariadb-plugin-cracklib-password-check-dbgsym	< 10.1.26-0+deb9u1	mariadb-plugin-cracklib-password-check-dbgsym_10.1.26-0+deb9u1_mipsel.deb
Debian	7	amd64	libmysqlclient18	< 5.5.57-0+deb7u1	libmysqlclient18_5.5.57-0+deb7u1_amd64.deb
Debian	7	all	mysql-client	< 5.5.57-0+deb7u1	mysql-client_5.5.57-0+deb7u1_all.deb
Debian	8	ppc64el	mysql-testsuite-5.5	< 5.5.57-0+deb8u1	mysql-testsuite-5.5_5.5.57-0+deb8u1_ppc64el.deb
Debian	9	amd64	mariadb-server-core-10.1	< 10.1.26-0+deb9u1	mariadb-server-core-10.1_10.1.26-0+deb9u1_amd64.deb
Debian	9	ppc64el	mariadb-plugin-connect	< 10.1.26-0+deb9u1	mariadb-plugin-connect_10.1.26-0+deb9u1_ppc64el.deb
Debian	9	armhf	mariadb-plugin-mroonga	< 10.1.26-0+deb9u1	mariadb-plugin-mroonga_10.1.26-0+deb9u1_armhf.deb
Debian	9	mipsel	mariadb-plugin-cracklib-password-check	< 10.1.26-0+deb9u1	mariadb-plugin-cracklib-password-check_10.1.26-0+deb9u1_mipsel.deb