Lucene search

K
redhatRedHatRHSA-2018:2439
HistoryAug 16, 2018 - 12:46 p.m.

(RHSA-2018:2439) Moderate: mariadb security and bug fix update

2018-08-1612:46:48
access.redhat.com
180

0.004 Low

EPSS

Percentile

72.8%

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

  • mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

  • mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

  • mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

  • mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

  • mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

  • mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

  • mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)