You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mariadb

Sigurnosni nedostaci programskog paketa mariadb

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: mariadb security and bug fix update
Advisory ID: RHSA-2018:2439-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2439
Issue date: 2018-08-16
CVE Names: CVE-2017-3636 CVE-2017-3641 CVE-2017-3651
CVE-2017-3653 CVE-2017-10268 CVE-2017-10378
CVE-2017-10379 CVE-2017-10384 CVE-2018-2562
CVE-2018-2622 CVE-2018-2640 CVE-2018-2665
CVE-2018-2668 CVE-2018-2755 CVE-2018-2761
CVE-2018-2767 CVE-2018-2771 CVE-2018-2781
CVE-2018-2813 CVE-2018-2817 CVE-2018-2819
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) – aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) – aarch64, ppc64le, s390x

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a later upstream version:
mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

* mysql: Client programs unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3636)

* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3641)

* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3651)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10268)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10378)

* mysql: Client programs unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10379)

* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10384)

* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2562)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2622)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2640)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2665)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2668)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2755)

* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2761)

* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2771)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2781)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2813)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2817)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3653)

* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
(CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Bug Fix(es):

* Previously, the mysqladmin tool waited for an inadequate length of time
if the socket it listened on did not respond in a specific way.
Consequently, when the socket was used while the MariaDB server was
starting, the mariadb service became unresponsive for a long time. With
this update, the mysqladmin timeout has been shortened to 2 seconds. As a
result, the mariadb service either starts or fails but no longer hangs in
the described situation. (BZ#1584023)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1472686 – CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
1472693 – CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
1472708 – CVE-2017-3651 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
1472711 – CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
1503656 – CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503684 – CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503685 – CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
1503686 – CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
1535484 – CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
1535499 – CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
1535500 – CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535504 – CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1535506 – CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
1564965 – CVE-2018-2767 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
1568921 – CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
1568924 – CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
1568931 – CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
1568942 – CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
1568951 – CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568954 – CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
1568956 – CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
1584023 – systemctl start mariadb – hangs if sock file is used by another process [rhel-7.5.z]
1584024 – MariaDB crashing due to specific SQL statement [rhel-7.5.z]
1584029 – MariaDB server segfaults with select query [rhel-7.5.z]

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

ppc64:
mariadb-5.5.60-1.el7_5.ppc64.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64.rpm
mariadb-devel-5.5.60-1.el7_5.ppc.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64.rpm
mariadb-libs-5.5.60-1.el7_5.ppc.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64.rpm
mariadb-server-5.5.60-1.el7_5.ppc64.rpm
mariadb-test-5.5.60-1.el7_5.ppc64.rpm

ppc64le:
mariadb-5.5.60-1.el7_5.ppc64le.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64le.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64le.rpm
mariadb-server-5.5.60-1.el7_5.ppc64le.rpm
mariadb-test-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-5.5.60-1.el7_5.s390x.rpm
mariadb-bench-5.5.60-1.el7_5.s390x.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-devel-5.5.60-1.el7_5.s390.rpm
mariadb-devel-5.5.60-1.el7_5.s390x.rpm
mariadb-libs-5.5.60-1.el7_5.s390.rpm
mariadb-libs-5.5.60-1.el7_5.s390x.rpm
mariadb-server-5.5.60-1.el7_5.s390x.rpm
mariadb-test-5.5.60-1.el7_5.s390x.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

aarch64:
mariadb-5.5.60-1.el7_5.aarch64.rpm
mariadb-bench-5.5.60-1.el7_5.aarch64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.aarch64.rpm
mariadb-devel-5.5.60-1.el7_5.aarch64.rpm
mariadb-libs-5.5.60-1.el7_5.aarch64.rpm
mariadb-server-5.5.60-1.el7_5.aarch64.rpm
mariadb-test-5.5.60-1.el7_5.aarch64.rpm

ppc64le:
mariadb-5.5.60-1.el7_5.ppc64le.rpm
mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-devel-5.5.60-1.el7_5.ppc64le.rpm
mariadb-libs-5.5.60-1.el7_5.ppc64le.rpm
mariadb-server-5.5.60-1.el7_5.ppc64le.rpm
mariadb-test-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-5.5.60-1.el7_5.s390x.rpm
mariadb-bench-5.5.60-1.el7_5.s390x.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-devel-5.5.60-1.el7_5.s390.rpm
mariadb-devel-5.5.60-1.el7_5.s390x.rpm
mariadb-libs-5.5.60-1.el7_5.s390.rpm
mariadb-libs-5.5.60-1.el7_5.s390x.rpm
mariadb-server-5.5.60-1.el7_5.s390x.rpm
mariadb-test-5.5.60-1.el7_5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.60-1.el7_5.ppc.rpm
mariadb-debuginfo-5.5.60-1.el7_5.ppc64.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
mariadb-debuginfo-5.5.60-1.el7_5.aarch64.rpm
mariadb-embedded-5.5.60-1.el7_5.aarch64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.aarch64.rpm

ppc64le:
mariadb-debuginfo-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-5.5.60-1.el7_5.ppc64le.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.60-1.el7_5.s390.rpm
mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-5.5.60-1.el7_5.s390x.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.60-1.el7_5.src.rpm

x86_64:
mariadb-5.5.60-1.el7_5.x86_64.rpm
mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-devel-5.5.60-1.el7_5.i686.rpm
mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
mariadb-libs-5.5.60-1.el7_5.i686.rpm
mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
mariadb-server-5.5.60-1.el7_5.x86_64.rpm
mariadb-test-5.5.60-1.el7_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3636
https://access.redhat.com/security/cve/CVE-2017-3641
https://access.redhat.com/security/cve/CVE-2017-3651
https://access.redhat.com/security/cve/CVE-2017-3653
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/cve/CVE-2018-2562
https://access.redhat.com/security/cve/CVE-2018-2622
https://access.redhat.com/security/cve/CVE-2018-2640
https://access.redhat.com/security/cve/CVE-2018-2665
https://access.redhat.com/security/cve/CVE-2018-2668
https://access.redhat.com/security/cve/CVE-2018-2755
https://access.redhat.com/security/cve/CVE-2018-2761
https://access.redhat.com/security/cve/CVE-2018-2767
https://access.redhat.com/security/cve/CVE-2018-2771
https://access.redhat.com/security/cve/CVE-2018-2781
https://access.redhat.com/security/cve/CVE-2018-2813
https://access.redhat.com/security/cve/CVE-2018-2817
https://access.redhat.com/security/cve/CVE-2018-2819
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBW3WHqNzjgjWX9erEAQhEdw//el5ZzNUVdqWJhm1sgBuiu18mbsZxEgHb
SlGFd7S0JTP/2P9W37Jbutm3gGBMUfb8QpmYDDCkpVxCTqoe5iOiV1gE5Kbr+xb9
cHZ3yZPiswNV6fXqahEKOwjwQBHVieEzskPBidRi8fRZA9TlUvYt+Hn23IDUrEZA
4RNw7hOELceHIoJidACz5zetpkl5t6Vvjj8kZiMm3zQFRmaCh1k7k/uP18wxCMgx
9PVo74St687MSeUPiXXmYTSLOMW4j2vXiO6a3pZ7D3iyafk23293dye0QE/tLV9L
54Tb9iLNUtB30F89tRgr9GFWIUVRdgbOg11TFP4HCXzPZFsamv2i7qMZKU9fbEko
l/c9JOo/MwovWbZwTqyFQgjZ5lnAEthVGcprc3V4QRnF4dhFj0O3gcWqoUGgu9NP
EyyKXnkyg1VrEo9pJxjVf89oCe9G/GY6hl8OdC3dV45VMwEZaHuabE4F69+fUPtw
h5TrNPKY+QCf2eSuIoZSGM2YP74X847Liqa/ESSslNIIIUmZlaFhtiE2UANx52Z0
taoAH0fkDp4jICHSrhNphzxn0Ktkjm3plTiy9riA/ALjjFyTxy6iOPBTjg+TeXcI
CwVedmSqfLeOGYSA5dwSXmejOy+9uwBye7AHS+jj/GHfwxZi4AlGLar0G+aH+PVq
loAC4Ye7izk=
=v8c6
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libheimdal

Otkriven je sigurnosni nedostatak programske biblioteke libheimdal za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close