SUSE-SU-2018:1853-1: important: Recommended update for mariadb
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jun 29 13:11:25 MDT 2018
SUSE Security Update: Recommended update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1853-1
Rating: important
References: #1012075 #1019948 #1039034 #1041891 #1042632
#1043328 #1047218 #1055165 #1055268 #1058374
#1058729 #1060110 #1062583 #1067443 #1068906
#1069401 #1080891 #1082318 #1083087 #1088681
#1092544 #1093130
Cross-References: CVE-2017-10268 CVE-2017-10286 CVE-2017-10320
CVE-2017-10365 CVE-2017-10378 CVE-2017-10379
CVE-2017-10384 CVE-2017-15365 CVE-2017-3257
CVE-2017-3302 CVE-2017-3308 CVE-2017-3309
CVE-2017-3313 CVE-2017-3453 CVE-2017-3456
CVE-2017-3464 CVE-2017-3636 CVE-2017-3641
CVE-2017-3653 CVE-2018-2562 CVE-2018-2612
CVE-2018-2622 CVE-2018-2640 CVE-2018-2665
CVE-2018-2668 CVE-2018-2755 CVE-2018-2759
CVE-2018-2761 CVE-2018-2766 CVE-2018-2767
CVE-2018-2771 CVE-2018-2777 CVE-2018-2781
CVE-2018-2782 CVE-2018-2784 CVE-2018-2786
CVE-2018-2787 CVE-2018-2810 CVE-2018-2813
CVE-2018-2817 CVE-2018-2819
Affected Products:
SUSE OpenStack Cloud 7
______________________________________________________________________________
An update that fixes 41 vulnerabilities is now available.
Description:
This MariaDB update to version 10.2.15 brings the following fixes and
improvements.
Security issues:
- CVE-2018-2767: The embedded server library now supports SSL when
connecting to remote servers (bsc#1088681).
- Collected CVEs fixes:
* 10.2.15: CVE-2018-2786, CVE-2018-2759, CVE-2018-2777, CVE-2018-2810,
CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766,
CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761,
CVE-2018-2781, CVE-2018-2771, CVE-2018-2813
* 10.2.13: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665,
CVE-2018-2668, CVE-2018-2612
* 10.2.10: CVE-2017-10378, CVE-2017-10268, CVE-2017-15365
* 10.2.8: CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10320,
CVE-2017-10365, CVE-2017-10379, CVE-2017-10384, CVE-2017-10286,
CVE-2017-3257
* 10.2.6: CVE-2017-3308, CVE-2017-3309, CVE-2017-3453, CVE-2017-3456,
CVE-2017-3464
* 10.2.5: CVE-2017-3313, CVE-2017-3302
Bugfixes:
- bsc#1092544: Update suse_skipped_tests.list and add tests that are
failing with GCC 8.
- bsc#1012075: MariaDB Test Suite issue with test
sys_vars.secure_file_priv.test.
- bsc#1019948: mariadb even tumbleweed version is super old.
- bsc#1039034: no ODBC support in MariaDB Server.
- bsc#1041891: Make mariadb tests pass and exclude failures.
- bsc#1042632: Mariadb fails to build with openssl-1.1.
- bsc#1043328: Update mariadb in TW to 10.2 and drop comat with mysql.
- bsc#1047218: trackerbug: packages do not build reproducibly from
including build time.
- bsc#1055165: mariadb build with cassandra enabled.
- bsc#1055268: MariaDB configurations are not overwritable.
- bsc#1058374: Use bind-address directive and SSL section settings in
default my.cnf.
- bsc#1058729: MariaDB - mysql-test - connect.drop-open-error is failing
(regression).
- bsc#1060110: The mariadb install script depends on hostname but does not
require it.
- bsc#1062583: Stop using boost-devel.
- bsc#1067443: incomplete revert of the mariadb service rename.
- bsc#1068906: MariaDB: ALTER TABLE can't rename columns with CHECK
constraints.
- bsc#1069401: Database failed apply with mariadb 10.2 : RuntimeError:
Galera cluster did not start after 600 seconds.
- bsc#1080891: server:database/mariadb: up-streaming patches.
- bsc#1083087: Galera bootstrap failes work after MariaDB 10.2.13 upgrade.
- bsc#1082318: mariadb-connector-c.changes and xtrabackup need to use %doc
instead of %license.
Release notes and changelog:
- https://mariadb.com/kb/en/library/mariadb-10215-release-notes
- https://mariadb.com/kb/en/library/mariadb-10215-changelog
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1253=1
Package List:
- SUSE OpenStack Cloud 7 (noarch):
mariadb-errormessages-10.2.15-7.1
- SUSE OpenStack Cloud 7 (x86_64):
galera-3-wsrep-provider-25.3.23-8.3
galera-3-wsrep-provider-debuginfo-25.3.23-8.3
libmariadb3-3.0.3-1.3.3
mariadb-10.2.15-7.1
mariadb-client-10.2.15-7.1
mariadb-client-debuginfo-10.2.15-7.1
mariadb-debuginfo-10.2.15-7.1
mariadb-debugsource-10.2.15-7.1
mariadb-galera-10.2.15-7.1
mariadb-tools-10.2.15-7.1
mariadb-tools-debuginfo-10.2.15-7.1
ruby2.1-rubygem-mysql2-0.4.10-7.2
ruby2.1-rubygem-mysql2-debuginfo-0.4.10-7.2
xtrabackup-2.4.10-5.3
xtrabackup-debuginfo-2.4.10-5.3
xtrabackup-debugsource-2.4.10-5.3
References:
https://www.suse.com/security/cve/CVE-2017-10268.html
https://www.suse.com/security/cve/CVE-2017-10286.html
https://www.suse.com/security/cve/CVE-2017-10320.html
https://www.suse.com/security/cve/CVE-2017-10365.html
https://www.suse.com/security/cve/CVE-2017-10378.html
https://www.suse.com/security/cve/CVE-2017-10379.html
https://www.suse.com/security/cve/CVE-2017-10384.html
https://www.suse.com/security/cve/CVE-2017-15365.html
https://www.suse.com/security/cve/CVE-2017-3257.html
https://www.suse.com/security/cve/CVE-2017-3302.html
https://www.suse.com/security/cve/CVE-2017-3308.html
https://www.suse.com/security/cve/CVE-2017-3309.html
https://www.suse.com/security/cve/CVE-2017-3313.html
https://www.suse.com/security/cve/CVE-2017-3453.html
https://www.suse.com/security/cve/CVE-2017-3456.html
https://www.suse.com/security/cve/CVE-2017-3464.html
https://www.suse.com/security/cve/CVE-2017-3636.html
https://www.suse.com/security/cve/CVE-2017-3641.html
https://www.suse.com/security/cve/CVE-2017-3653.html
https://www.suse.com/security/cve/CVE-2018-2562.html
https://www.suse.com/security/cve/CVE-2018-2612.html
https://www.suse.com/security/cve/CVE-2018-2622.html
https://www.suse.com/security/cve/CVE-2018-2640.html
https://www.suse.com/security/cve/CVE-2018-2665.html
https://www.suse.com/security/cve/CVE-2018-2668.html
https://www.suse.com/security/cve/CVE-2018-2755.html
https://www.suse.com/security/cve/CVE-2018-2759.html
https://www.suse.com/security/cve/CVE-2018-2761.html
https://www.suse.com/security/cve/CVE-2018-2766.html
https://www.suse.com/security/cve/CVE-2018-2767.html
https://www.suse.com/security/cve/CVE-2018-2771.html
https://www.suse.com/security/cve/CVE-2018-2777.html
https://www.suse.com/security/cve/CVE-2018-2781.html
https://www.suse.com/security/cve/CVE-2018-2782.html
https://www.suse.com/security/cve/CVE-2018-2784.html
https://www.suse.com/security/cve/CVE-2018-2786.html
https://www.suse.com/security/cve/CVE-2018-2787.html
https://www.suse.com/security/cve/CVE-2018-2810.html
https://www.suse.com/security/cve/CVE-2018-2813.html
https://www.suse.com/security/cve/CVE-2018-2817.html
https://www.suse.com/security/cve/CVE-2018-2819.html
https://bugzilla.suse.com/1012075
https://bugzilla.suse.com/1019948
https://bugzilla.suse.com/1039034
https://bugzilla.suse.com/1041891
https://bugzilla.suse.com/1042632
https://bugzilla.suse.com/1043328
https://bugzilla.suse.com/1047218
https://bugzilla.suse.com/1055165
https://bugzilla.suse.com/1055268
https://bugzilla.suse.com/1058374
https://bugzilla.suse.com/1058729
https://bugzilla.suse.com/1060110
https://bugzilla.suse.com/1062583
https://bugzilla.suse.com/1067443
https://bugzilla.suse.com/1068906
https://bugzilla.suse.com/1069401
https://bugzilla.suse.com/1080891
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1083087
https://bugzilla.suse.com/1088681
https://bugzilla.suse.com/1092544
https://bugzilla.suse.com/1093130
More information about the sle-security-updates
mailing list