This MariaDB update to version 10.0.31 GA fixes the following issues:
Security issues fixed:
- CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
Bug fixes:
- switch from ‘Restart=on-failure’ to ‘Restart=on-abort’ in mysql.service
in order to follow the upstream. It also fixes hanging
mysql-systemd-helper when mariadb fails (e.g. because of the
misconfiguration) (bsc#963041)
- XtraDB updated to 5.6.36-82.0
- TokuDB updated to 5.6.36-82.0
- Innodb updated to 5.6.36
- Performance Schema updated to 5.6.36
Release notes and changelog:
This update was imported from the SUSE:SLE-12-SP1:Update update project.