Oval Definition:oval:com.redhat.rhsa:def:20182439
Revision Date:2018-08-16Version:640
Title:RHSA-2018:2439: mariadb security and bug fix update (Moderate)
Description:MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

  • The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

    Security Fix(es):

  • mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

  • mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

  • mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

  • mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

  • mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

  • mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

  • mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

  • Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    • Family:unixClass:patch
    Status:Reference(s):CVE-2017-10268
    CVE-2017-10378
    CVE-2017-10379
    CVE-2017-10384
    CVE-2017-3636
    CVE-2017-3641
    CVE-2017-3651
    CVE-2017-3653
    CVE-2018-2562
    CVE-2018-2622
    CVE-2018-2640
    CVE-2018-2665
    CVE-2018-2668
    CVE-2018-2755
    CVE-2018-2761
    CVE-2018-2767
    CVE-2018-2771
    CVE-2018-2781
    CVE-2018-2813
    CVE-2018-2817
    CVE-2018-2819
    CVE-2018-3133
    CVE-2019-2455
    RHSA-2018:2439
    RHSA-2018:2439-00
    RHSA-2018:2439-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • mariadb is earlier than 1:5.5.60-1.el7_5
  • AND mariadb is signed with Red Hat redhatrelease2 key
  • mariadb-bench is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-bench is signed with Red Hat redhatrelease2 key
  • mariadb-devel is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-devel is signed with Red Hat redhatrelease2 key
  • mariadb-embedded is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-embedded is signed with Red Hat redhatrelease2 key
  • mariadb-embedded-devel is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-embedded-devel is signed with Red Hat redhatrelease2 key
  • mariadb-libs is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-libs is signed with Red Hat redhatrelease2 key
  • mariadb-server is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-server is signed with Red Hat redhatrelease2 key
  • mariadb-test is earlier than 1:5.5.60-1.el7_5
  • AND mariadb-test is signed with Red Hat redhatrelease2 key
    • BACK