openSUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1800-1 Rating: important References: #1088681 #1090518 Cross-References: CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed: * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) * CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) * CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) * CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681) The following changes are included: * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * Fix for Crash in MVCC read after IMPORT TABLESPACE * Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-668=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libmysqlclient-devel-10.0.35-35.1 libmysqlclient18-10.0.35-35.1 libmysqlclient18-debuginfo-10.0.35-35.1 libmysqlclient_r18-10.0.35-35.1 libmysqld-devel-10.0.35-35.1 libmysqld18-10.0.35-35.1 libmysqld18-debuginfo-10.0.35-35.1 mariadb-10.0.35-35.1 mariadb-bench-10.0.35-35.1 mariadb-bench-debuginfo-10.0.35-35.1 mariadb-client-10.0.35-35.1 mariadb-client-debuginfo-10.0.35-35.1 mariadb-debuginfo-10.0.35-35.1 mariadb-debugsource-10.0.35-35.1 mariadb-errormessages-10.0.35-35.1 mariadb-test-10.0.35-35.1 mariadb-test-debuginfo-10.0.35-35.1 mariadb-tools-10.0.35-35.1 mariadb-tools-debuginfo-10.0.35-35.1 - openSUSE Leap 42.3 (x86_64): libmysqlclient18-32bit-10.0.35-35.1 libmysqlclient18-debuginfo-32bit-10.0.35-35.1 libmysqlclient_r18-32bit-10.0.35-35.1 References: https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org