Oval Definition:oval:org.opensuse.security:def:79058
Revision Date:2017-08-03Version:1
Title:Security update for mariadb (Important)
Description:

This MariaDB update to version 10.0.31 GA fixes the following issues:

Security issues fixed: - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715)

Bug fixes: - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041) - XtraDB updated to 5.6.36-82.0 - TokuDB updated to 5.6.36-82.0 - Innodb updated to 5.6.36 - Performance Schema updated to 5.6.36

Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10031-release-notes - https://kb.askmonty.org/en/mariadb-10031-changelog

Family:unixClass:patch
Status:Reference(s):1048715
963041
CVE-2017-3308
CVE-2017-3309
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
SUSE-SU-2017:2035-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libmysqlclient18-10.0.31-29.3.1 is installed
  • OR libmysqlclient18-32bit-10.0.31-29.3.1 is installed
  • OR libmysqlclient_r18-10.0.31-29.3.1 is installed
  • OR libmysqlclient_r18-32bit-10.0.31-29.3.1 is installed
  • OR mariadb-10.0.31-29.3.1 is installed
  • OR mariadb-client-10.0.31-29.3.1 is installed
  • OR mariadb-errormessages-10.0.31-29.3.1 is installed
    • BACK