You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mariadb

Sigurnosni nedostaci programskog paketa mariadb

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mariadb security and bug fix update
Advisory ID: RHSA-2019:2327-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2327
Issue date: 2019-08-06
CVE Names: CVE-2018-3058 CVE-2018-3063 CVE-2018-3066
CVE-2018-3081 CVE-2018-3282 CVE-2019-2503
CVE-2019-2529 CVE-2019-2614 CVE-2019-2627
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (5.5.64). (BZ#1610986, BZ#1664043)

Security Fix(es):

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2018) (CVE-2018-3063)

* mysql: Client programs unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3081)

* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3282)

* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan
2019) (CVE-2019-2503)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2529)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3066)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1490398 – mysql_upgrade fails when the same stored procedure name to uppercase and lowercase database names exists.
1598095 – problem with fuser usage during init
1602356 – CVE-2018-3058 mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
1602363 – CVE-2018-3063 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)
1602366 – CVE-2018-3066 mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
1602424 – CVE-2018-3081 mysql: Client programs unspecified vulnerability (CPU Jul 2018)
1625196 – fcontext missing for mysqld_safe_helper
1640322 – CVE-2018-3282 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
1666749 – CVE-2019-2503 mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)
1666755 – CVE-2019-2529 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
1678662 – MariaDB TABLE CHECKSUM calculation sometimes ignore columns
1702969 – CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 – CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

ppc64:
mariadb-5.5.64-1.el7.ppc64.rpm
mariadb-bench-5.5.64-1.el7.ppc64.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64.rpm
mariadb-devel-5.5.64-1.el7.ppc.rpm
mariadb-devel-5.5.64-1.el7.ppc64.rpm
mariadb-libs-5.5.64-1.el7.ppc.rpm
mariadb-libs-5.5.64-1.el7.ppc64.rpm
mariadb-server-5.5.64-1.el7.ppc64.rpm
mariadb-test-5.5.64-1.el7.ppc64.rpm

ppc64le:
mariadb-5.5.64-1.el7.ppc64le.rpm
mariadb-bench-5.5.64-1.el7.ppc64le.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64le.rpm
mariadb-devel-5.5.64-1.el7.ppc64le.rpm
mariadb-libs-5.5.64-1.el7.ppc64le.rpm
mariadb-server-5.5.64-1.el7.ppc64le.rpm
mariadb-test-5.5.64-1.el7.ppc64le.rpm

s390x:
mariadb-5.5.64-1.el7.s390x.rpm
mariadb-bench-5.5.64-1.el7.s390x.rpm
mariadb-debuginfo-5.5.64-1.el7.s390.rpm
mariadb-debuginfo-5.5.64-1.el7.s390x.rpm
mariadb-devel-5.5.64-1.el7.s390.rpm
mariadb-devel-5.5.64-1.el7.s390x.rpm
mariadb-libs-5.5.64-1.el7.s390.rpm
mariadb-libs-5.5.64-1.el7.s390x.rpm
mariadb-server-5.5.64-1.el7.s390x.rpm
mariadb-test-5.5.64-1.el7.s390x.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.64-1.el7.ppc.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64.rpm
mariadb-embedded-5.5.64-1.el7.ppc.rpm
mariadb-embedded-5.5.64-1.el7.ppc64.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.64-1.el7.ppc64le.rpm
mariadb-embedded-5.5.64-1.el7.ppc64le.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.64-1.el7.s390.rpm
mariadb-debuginfo-5.5.64-1.el7.s390x.rpm
mariadb-embedded-5.5.64-1.el7.s390.rpm
mariadb-embedded-5.5.64-1.el7.s390x.rpm
mariadb-embedded-devel-5.5.64-1.el7.s390.rpm
mariadb-embedded-devel-5.5.64-1.el7.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3058
https://access.redhat.com/security/cve/CVE-2018-3063
https://access.redhat.com/security/cve/CVE-2018-3066
https://access.redhat.com/security/cve/CVE-2018-3081
https://access.redhat.com/security/cve/CVE-2018-3282
https://access.redhat.com/security/cve/CVE-2019-2503
https://access.redhat.com/security/cve/CVE-2019-2529
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXUl3R9zjgjWX9erEAQiQlRAAk+c0DsGblnv/IruqY5alq0ZMIBdGuyYU
+4/WWuYfo4ToF0QKpB4HW784coQmnZ44ycuG/X5ZpKBRn+b4dAy4XjXkz6gLYqKt
QrWOJFqTTL5xNZ4dJv9tpixmo39hsJSGDqE+mb/weVaVSoDRs3E0OJ1UVFgepTJl
Tw82cJeuZZtCmXzDXix5U8ua3LeDxU7vizX7EEk5WRWoNt5zE+94wgT/wXfTzUpb
ck2Hfw+pCL06f11096jbdK0Ewdpfz1WligQPt/rcssG6g7CXw7pyIc11n8jHgmeJ
KWdtm/vrQ7worWS9dfSKgyLrpG7ae6i/WVSYpKK8JKwtShg1qEBEOIrS+bajjp3h
5IpkHHImEzEIAr4R2xlFdPLMNL0h9NinVrtE4Xe4ybs6avLzI+UCz+AfvamLkQph
7y+5nrjRWrJ3F8POZf6Y0KXR0s9yNJCgRzwdwYDW3+G9dRkdCaY8G+HWvSFv9927
4kVimwvwcUSSTQMsJcDqWJI9lcDMiwQ6P4U1U8XV7B6u0745+u8RjtSpZZIQyxIA
HogGU84e0tdo0aGnvT3HRjOZXXleqhAJVTsARlIlMbIidXTGpAj4UMDw7vu3+G3m
B3OfAJpJE0WMflDj7dIUBd4iRiyz5t5NL0e7az0xZy9eMxwj5nql03hvbAMBAQBP
IBzACt4ECMk=
=5Kfj
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa unzip

Otkriven je sigurnosni nedostatak u programskom paketu unzip za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvršavanje proizvoljnog...

Close