Advisories » MGASA-2015-0445

Updated mariadb packages fix security vulnerabilities

Publication date: 16 Nov 2015
Modification date: 16 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4802 , CVE-2015-4815 , CVE-2015-4826 , CVE-2015-4830 , CVE-2015-4836 , CVE-2015-4858 , CVE-2015-4861 , CVE-2015-4870 , CVE-2015-4913 , CVE-2015-4792

Description

This update provides the upstream 10.0.22 maintenance release and fixes
the following security issues:

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect availability
via unknown vectors related to Server : Partition, a different vulnerability
than CVE-2015-4792. (CVE-2015-4802)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect availability
via vectors related to Server : DDL. (CVE-2015-4815)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Types.
(CVE-2015-4826)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect integrity
via unknown vectors related to Server : Security : Privileges.
(CVE-2015-4830)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
5.6.26 and earlier, allows remote authenticated users to affect availability
via unknown vectors related to Server : SP. (CVE-2015-4836)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
5.6.26 and earlier, allows remote authenticated users to affect availability
via vectors related to DML, a different vulnerability than CVE-2015-4913.
(CVE-2015-4858)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
5.6.26 and earlier, allows remote authenticated users to affect availability
via unknown vectors related to Server : InnoDB. (CVE-2015-4861)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and
5.6.26 and earlier, allows remote authenticated users to affect availability
via unknown vectors related to Server : Parser. (CVE-2015-4870)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect availability
via vectors related to Server : DML, a different vulnerability than
CVE-2015-4858. (CVE-2015-4913)

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and
5.6.26 and earlier allows remote authenticated users to affect availability
via unknown vectors related to Server : Partition, a different vulnerability
than CVE-2015-4802. (CVE-2015-4792)

For other fixes in this update, see the referenced release notes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17065
• https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4802
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4815
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4826
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4830
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4836
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4858
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4861
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4870
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4792

SRPMS

5/core

• mariadb-10.0.22-1.mga5