You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mariadb

Sigurnosni nedostaci programskog paketa mariadb

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mariadb:10.3 security and bug fix update
Advisory ID: RHSA-2019:3708-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3708
Issue date: 2019-11-05
CVE Names: CVE-2019-2510 CVE-2019-2537 CVE-2019-2614
CVE-2019-2627 CVE-2019-2628 CVE-2019-2737
CVE-2019-2739 CVE-2019-2740 CVE-2019-2758
CVE-2019-2805
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) – aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358)

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1657220 – Rebase to 25.3.26
1659920 – Fix security flags in ELF files
1666751 – CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
1666763 – CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
1686818 – Altering table’s column used in primary key causes data corruption
1687879 – Cannot join a cluster any more when using IPv6 in gmcast.listen_addr
1693245 – SELinux: mariadb-server-galera
1702707 – Invalid License tag
1702709 – Investigate: “Gaps were detected in the annobin coverage”
1702969 – CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 – CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 – CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 – CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 – CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 – CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 – CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 – CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.src.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.aarch64.rpm
galera-debuginfo-25.3.26-1.module+el8.1.0+3974+90eded84.aarch64.rpm
galera-debugsource-25.3.26-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-backup-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-backup-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-common-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-debugsource-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-devel-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-embedded-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-embedded-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-embedded-devel-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-errmsg-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-gssapi-server-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-gssapi-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-oqgraph-engine-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-server-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-server-galera-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-server-utils-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-server-utils-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-test-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm
mariadb-test-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.aarch64.rpm

ppc64le:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
galera-debuginfo-25.3.26-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
galera-debugsource-25.3.26-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-backup-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-backup-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-common-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-debugsource-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-devel-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-embedded-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-embedded-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-embedded-devel-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-errmsg-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-gssapi-server-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-gssapi-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-oqgraph-engine-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-oqgraph-engine-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-server-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-server-galera-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-server-utils-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-server-utils-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-test-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm
mariadb-test-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.ppc64le.rpm

s390x:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.s390x.rpm
galera-debuginfo-25.3.26-1.module+el8.1.0+3974+90eded84.s390x.rpm
galera-debugsource-25.3.26-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-backup-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-backup-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-common-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-debugsource-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-devel-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-embedded-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-embedded-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-embedded-devel-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-errmsg-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-gssapi-server-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-gssapi-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-oqgraph-engine-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-oqgraph-engine-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-server-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-server-galera-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-server-utils-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-server-utils-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-test-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm
mariadb-test-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.x86_64.rpm
galera-debuginfo-25.3.26-1.module+el8.1.0+3974+90eded84.x86_64.rpm
galera-debugsource-25.3.26-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-backup-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-backup-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-common-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-debugsource-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-devel-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-embedded-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-embedded-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-embedded-devel-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-errmsg-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-gssapi-server-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-gssapi-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-oqgraph-engine-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-oqgraph-engine-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-server-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-server-galera-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-server-utils-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-server-utils-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-test-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm
mariadb-test-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

Source:
asio-1.10.8-7.module+el8+2765+cfa4f87b.src.rpm

aarch64:
Judy-devel-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
asio-devel-1.10.8-7.module+el8+2765+cfa4f87b.aarch64.rpm

ppc64le:
Judy-devel-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm
asio-devel-1.10.8-7.module+el8+2765+cfa4f87b.ppc64le.rpm

s390x:
Judy-devel-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm
asio-devel-1.10.8-7.module+el8+2765+cfa4f87b.s390x.rpm

x86_64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.i686.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.i686.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.i686.rpm
Judy-devel-1.0.5-18.module+el8+2765+cfa4f87b.i686.rpm
Judy-devel-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm
asio-devel-1.10.8-7.module+el8+2765+cfa4f87b.i686.rpm
asio-devel-1.10.8-7.module+el8+2765+cfa4f87b.x86_64.rpm
galera-25.3.26-1.module+el8.1.0+3974+90eded84.i686.rpm
galera-debuginfo-25.3.26-1.module+el8.1.0+3974+90eded84.i686.rpm
galera-debugsource-25.3.26-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-backup-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-backup-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-common-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-debugsource-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-devel-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-embedded-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-embedded-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-embedded-devel-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-errmsg-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-gssapi-server-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-gssapi-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-oqgraph-engine-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-oqgraph-engine-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-server-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-server-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-server-galera-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-server-utils-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-server-utils-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-test-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm
mariadb-test-debuginfo-10.3.17-1.module+el8.1.0+3974+90eded84.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2510
https://access.redhat.com/security/cve/CVE-2019-2537
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/cve/CVE-2019-2628
https://access.redhat.com/security/cve/CVE-2019-2737
https://access.redhat.com/security/cve/CVE-2019-2739
https://access.redhat.com/security/cve/CVE-2019-2740
https://access.redhat.com/security/cve/CVE-2019-2758
https://access.redhat.com/security/cve/CVE-2019-2805
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXcHzF9zjgjWX9erEAQhk/RAAnu4SJsqm5/3fgzG4ZH7Igh8FmIPXuh4y
QpvE8rqDL3OgLyGWp3miPFPbWChQFTBjjcJwssyobNZoKH1PTTduaP6Z7ApxBd21
bYoTIOyAlKOxOopzzD/ldQafAgU2p9d0cIBy3t1YLnxPb6RwjxjuKg6ELym6CKzZ
K74132k6m+RzJTLa9rNHH/cf/5nF4vhbbvoLQKu6VEfkOyrHAJp29yKulS3XnRVZ
30a7raQTJHAcn4OrJHNTF8McikGQa4eezJGN5cYaBTqM+73qdmZNyYDmIUISXj8R
mYkOV4DzcVdXd46TMTh9DvplG/bcdtRrlr8BeYGkhk+qAxaxZYZjvx8yHw0O6In8
+mhdV+/aQeXxdfDT9hbUnACDHl9kt9Ow0boxXh50XO/FTPSb09HzWTWQQfYAn6W7
rtrsJbh8oPdzJKbpLqgXBq5aEOt7BezSL17x4hE9fsgR91m9EQAiVf12xjxaVD1I
7YWgdQ2R5IT6Gl5uBhy0c3VYGq4XUJzEmljhPm+IaOdDSQRf10V7qbQ+ADJOPNYy
hbsBwbX9BR4YEILwi7Q4Clw9b8AAe+72nimRH62kTSOWJ/ysYP1i7XJAp1Ihq7q0
XPcQrUm5AK6s2uJl/tny5P9PVDo3PA7HP24LmNgu7edBOH8nRzYglV8C1HUj9Qn+
XODm6UzKBqE=
=WdTX
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libarchive

Otkriveni su sigurnosni nedostaci programske biblioteke libarchive za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close