Updated mariadb package fixes security vulnerabilities
Publication date: 27 Jul 2015Modification date: 11 Mar 2022
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3152 , CVE-2015-2582 , CVE-2015-2620 , CVE-2015-2643 , CVE-2015-2648 , CVE-2015-4737 , CVE-2015-4752
Description
The mariadb package has been updated to versions 5.5.44 and 10.0.20 in Mageia 4 and Mageia 5, respectively. Both fix an issue where the client is vulnerable to a man-in-the-middle attack when using the --ssl option, where the SSL/TLS protection could be disabled (CVE-2015-3152). The Mageia 4 update also fixes other unspecified security issues, such as CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, and CVE-2015-4752. Refer to the Oracle Critical Patch Update for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=16146
- https://mariadb.com/kb/en/mariadb/mariadb-5544-release-notes/
- https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- https://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2582
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2643
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2648
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4737
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4752
SRPMS
5/core
- mariadb-10.0.20-1.mga5
4/core
- mariadb-5.5.44-1.mga4