openSUSE Security Update: Security update for mariadb ______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1800-1 Rating: important References: #1088681 #1090518 Cross-References: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819
Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________
An update that fixes 12 vulnerabilities is now available.
Description:
This update for MariaDB to version 10.0.35 fixes multiple issues:
Security issues fixed:
* CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) * CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) * CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) * CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681)
The following changes are included:
* XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * Fix for Crash in MVCC read after IMPORT TABLESPACE * Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-668=1
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libmysqlclient-devel-10.0.35-35.1 libmysqlclient18-10.0.35-35.1 libmysqlclient18-debuginfo-10.0.35-35.1 libmysqlclient_r18-10.0.35-35.1 libmysqld-devel-10.0.35-35.1 libmysqld18-10.0.35-35.1 libmysqld18-debuginfo-10.0.35-35.1 mariadb-10.0.35-35.1 mariadb-bench-10.0.35-35.1 mariadb-bench-debuginfo-10.0.35-35.1 mariadb-client-10.0.35-35.1 mariadb-client-debuginfo-10.0.35-35.1 mariadb-debuginfo-10.0.35-35.1 mariadb-debugsource-10.0.35-35.1 mariadb-errormessages-10.0.35-35.1 mariadb-test-10.0.35-35.1 mariadb-test-debuginfo-10.0.35-35.1 mariadb-tools-10.0.35-35.1 mariadb-tools-debuginfo-10.0.35-35.1
- openSUSE Leap 42.3 (x86_64):
libmysqlclient18-32bit-10.0.35-35.1 libmysqlclient18-debuginfo-32bit-10.0.35-35.1 libmysqlclient_r18-32bit-10.0.35-35.1
References:
https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518