Updated mariadb packages fix security vulnerability
Publication date: 20 Feb 2017Modification date: 20 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6664 , CVE-2017-3238 , CVE-2017-3243 , CVE-2017-3244 , CVE-2017-3257 , CVE-2017-3258 , CVE-2017-3265 , CVE-2017-3291 , CVE-2017-3312 , CVE-2017-3317 , CVE-2017-3318
Description
Root Privilege Escalation (CVE-2016-6664). Unspecified vulnerability affecting the Optimizer component (CVE-2017-3238). Unspecified vulnerability affecting the Charsets component (CVE-2017-3243). Unspecified vulnerability affecing the DML component (CVE-2017-3244). Unspecified vulnerability affecting InnoDB (CVE-2017-3257). Unspecified vulnerability in the DDL component (CVE-2017-3258). Unsafe chmod/chown use in init script (CVE-2017-3265). Unrestricted mysqld_safe's ledir (CVE-2017-3291). Insecure error log file handling in mysqld_safe, due to an incomplete fix for CVE-2016-6664 (CVE-2017-3312). Unspecified vulnerability affecting Logging (CVE-2017-3317). Unspecified vulnerability affecting Error Handling (CVE-2017-3318). Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428).
References
- https://bugs.mageia.org/show_bug.cgi?id=20139
- https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
- https://lists.opensuse.org/opensuse-updates/2017-02/msg00074.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3244
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3257
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3258
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3291
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3312
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3318
SRPMS
5/core
- mariadb-10.0.29-1.3.mga5