You are here
Home > Preporuke > Sigurnosni propusti programskog paketa mariadb

Sigurnosni propusti programskog paketa mariadb

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9956
2014-08-30 03:13:03
——————————————————————————–

Name : mariadb
Product : Fedora 20
Version : 5.5.39
Release : 1.fc20
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

——————————————————————————–
Update Information:

This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5539-changelog and also an unspecified MyISAM temporary file issue.
——————————————————————————–
ChangeLog:

* Fri Aug 22 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.39-1
– Update to 5.5.39
* Fri Jun 27 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-3
– Add compatible libmysqlclient_18 version for symbols
Resolves: #1111776
* Thu Jun 19 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-2
– Enable TokuDB engine for x86_64
– Re-enable tokudb_innodb_xa_crash again, seems to be fixed now
Resolves: #1074488
* Wed Jun 18 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-1
– Rebase to 5.5.38
https://kb.askmonty.org/en/mariadb-5538-changelog/
* Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.37-1
– Update to MariaDB 5.5.37, for various fixes described at
https://kb.askmonty.org/en/mariadb-5537-changelog/
Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Thu Mar 6 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.36-1
– Rebase to 5.5.36
https://kb.askmonty.org/en/mariadb-5536-changelog/
* Wed Feb 5 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-3
– Do not touch the log file in post script, so it does not get wrong owner
Resolves: #1061045
* Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-1
– Rebase to 5.5.35
https://kb.askmonty.org/en/mariadb-5535-changelog/
Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
CVE-2014-0402
Resolves: #1054043
Resolves: #1059546
* Wed Jan 8 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-4
– Read socketfile location in mariadb-prepare-db-dir script
* Mon Jan 6 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-3
– Don’t test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
which now makes mariadb/mysql FTBFS because openssl_1 test fails
Related: #1044565
– Check if socket file is not being used by another process at a time
of starting the service
Related: #1045435
– Use %ghost directive for the log file
Related: 1043501
* Wed Nov 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-2
– Fix mariadb-wait-ready script
* Fri Nov 22 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-1
– Rebase to 5.5.34
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-4
– Fix spec file to be ready for backport by Oden Eriksson
Resolves: #1026404
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-3
– Add pam-devel to build-requires in order to build
Related: #1019945
– Check if correct process is running in mysql-wait-ready script
Related: #1026313
——————————————————————————–
References:

[ 1 ] Bug #1126271 – mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
https://bugzilla.redhat.com/show_bug.cgi?id=1126271
[ 2 ] Bug #1126272 – mysql: yaSSL off-by-one when decoding dates form X.509 certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1126272
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mariadb’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-9942
2014-08-30 03:12:27
——————————————————————————–

Name : mariadb
Product : Fedora 19
Version : 5.5.39
Release : 1.fc19
URL : http://mariadb.org
Summary : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

——————————————————————————–
Update Information:

This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5539-changelog and also an unspecified MyISAM temporary file issue.
——————————————————————————–
ChangeLog:

* Fri Aug 22 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.39-1
– Update to 5.5.39
* Fri Jun 27 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-3
– Add compatible libmysqlclient_18 version for symbols
Resolves: #1111776
* Thu Jun 19 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-2
– Enable TokuDB engine for x86_64
– Re-enable tokudb_innodb_xa_crash again, seems to be fixed now
Resolves: #1074488
* Wed Jun 18 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.38-1
– Rebase to 5.5.38
https://kb.askmonty.org/en/mariadb-5538-changelog/
* Thu Apr 17 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.37-1
– Update to MariaDB 5.5.37, for various fixes described at
https://kb.askmonty.org/en/mariadb-5537-changelog/
Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Thu Mar 6 2014 Honza Horak <hhorak@redhat.com> – 1:5.5.36-1
– Rebase to 5.5.36
https://kb.askmonty.org/en/mariadb-5536-changelog/
* Wed Feb 5 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-2
– Do not touch the log file in post script, so it does not get wrong owner
Resolves: #1061045
* Thu Jan 30 2014 Honza Horak <hhorak@redhat.com> 1:5.5.35-1
– Rebase to 5.5.35
https://kb.askmonty.org/en/mariadb-5535-changelog/
Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
CVE-2014-0402
Resolves: #1054043
Resolves: #1059546
* Wed Jan 8 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-4
– Read socketfile location in mariadb-prepare-db-dir script
* Mon Jan 6 2014 Honza Horak <hhorak@redhat.com> 1:5.5.34-3
– Don’t test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
which now makes mariadb/mysql FTBFS because openssl_1 test fails
Related: #1044565
– Check if socket file is not being used by another process at a time
of starting the service
Related: #1045435
* Wed Nov 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-2
– Fix mariadb-wait-ready script
* Fri Nov 22 2013 Honza Horak <hhorak@redhat.com> 1:5.5.34-1
– Rebase to 5.5.34
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-4
– Fix spec file to be ready for backport by Oden Eriksson
Resolves: #1026404
* Mon Nov 4 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-3
– Add pam-devel to build-requires in order to build
Related: #1019945
– Check if correct process is running in mysql-wait-ready script
Related: #1026313
* Thu Oct 10 2013 Honza Horak <hhorak@redhat.com> 1:5.5.33a-1
– Rebase to 5.5.33a
https://kb.askmonty.org/en/mariadb-5533-changelog/
https://kb.askmonty.org/en/mariadb-5533a-changelog/
– Enable outfile_loaddata test
– Disable tokudb_innodb_xa_crash test
* Wed Aug 14 2013 Rex Dieter <rdieter@fedoraproject.org> 1:5.5.32-8
– fix alternatives usage
* Tue Aug 13 2013 Honza Horak <hhorak@redhat.com> – 1:5.5.32-7
– Multilib issues solved by alternatives
Resolves: #986959
* Tue Jul 30 2013 Honza Horak <hhorak@redhat.com> – 1:5.5.32-6
– Remove unneeded systemd-sysv requires
– Provide mysql-compat-server symbol
– Create mariadb.service symlink
– Fix multilib header location for arm
– Enhance documentation in the unit file
– Use scriptstub instead of links to avoid multilib conflicts
– Add condition for doc placement in F20+
* Sun Jul 28 2013 Dennis Gilmore <dennis@ausil.us> – 1:5.5.32-5
– remove “Requires(pretrans): systemd” since its not possible
– when installing mariadb and systemd at the same time. as in a new install
* Sat Jul 27 2013 Kevin Fenzi <kevin@scrye.com> 1:5.5.32-4
– Set rpm doc macro to install docs in unversioned dir
* Fri Jul 26 2013 Dennis Gilmore <dennis@ausil.us> 1:5.5.32-3
– add Requires(pre) on systemd for the server package
* Tue Jul 23 2013 Dennis Gilmore <dennis@ausil.us> 1:5.5.32-2
– replace systemd-units requires with systemd
– remove solaris files
* Fri Jul 19 2013 Honza Horak <hhorak@redhat.com> 1:5.5.32-1
– Rebase to 5.5.32
https://kb.askmonty.org/en/mariadb-5532-changelog/
– Clean-up un-necessary systemd snippets
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> – 1:5.5.31-7
– Perl 5.18 rebuild
* Mon Jul 1 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-6
– Test suite params enhanced to decrease server condition influence
– Fix misleading error message when uninstalling built-in plugins
Related: #966873
* Thu Jun 27 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-5
– Apply fixes found by Coverity static analysis tool
* Wed Jun 19 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-4
– Do not use pretrans scriptlet, which doesn’t work in anaconda
Resolves: #975348
* Fri Jun 14 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-3
– Explicitly enable mysqld if it was enabled in the beggining
of the transaction.
* Thu Jun 13 2013 Honza Horak <hhorak@redhat.com> 1:5.5.31-2
– Apply man page fix from Jan Stanek
——————————————————————————–
References:

[ 1 ] Bug #1126271 – mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
https://bugzilla.redhat.com/show_bug.cgi?id=1126271
[ 2 ] Bug #1126272 – mysql: yaSSL off-by-one when decoding dates form X.509 certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1126272
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update mariadb’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
7e

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa acpi-support

Otkriven je sigurnosni nedostatak u programskom paketu acpi-support. Otkriveni nedostatak potencijalnim lokalnim napadačima omogućuje stjecanje administratorskih ovlasti. Svim korisnicima savjetuje...

Close