Advisories ยป MGASA-2015-0279

Updated mariadb package fixes security vulnerabilities

Publication date: 27 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3152 , CVE-2015-2582 , CVE-2015-2620 , CVE-2015-2643 , CVE-2015-2648 , CVE-2015-4737 , CVE-2015-4752


The mariadb package has been updated to versions 5.5.44 and 10.0.20 in
Mageia 4 and Mageia 5, respectively.  Both fix an issue where the client
is vulnerable to a man-in-the-middle attack when using the --ssl option,
where  the SSL/TLS protection could be disabled (CVE-2015-3152).

The Mageia 4 update also fixes other unspecified security issues, such as
CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737,
and CVE-2015-4752.  Refer to the Oracle Critical Patch Update for details.