SUSE: OPENSUSE-SU-2017:2119-1
Aug 10, 2017 - 3:10 a.m.

Security update for mariadb (important)

2017-08-10 03:10:27
lists.opensuse.org
EPSS: 0.003 (Low), percentile 64.5%

This MariaDB update to version 10.0.31 GA fixes the following issues:

Security issues fixed:

  • CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)

Bug fixes:

  • Switch from ‘Restart=on-failure’ to ‘Restart=on-abort’ in mysql.service
    to follow upstream. This also fixes mysql-systemd-helper hanging when
    mariadb fails (e.g. because of a misconfiguration) (bsc#963041)
  • XtraDB updated to 5.6.36-82.0
  • TokuDB updated to 5.6.36-82.0
  • InnoDB updated to 5.6.36
  • Performance Schema updated to 5.6.36

Release notes and changelog:

This update was imported from the SUSE:SLE-12-SP1:Update update project.