Synopsis
Moderate: mariadb security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for mariadb is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)
Security Fix(es):
- mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)
- mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)
- mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)
- mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
- mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)
- mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)
- mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)
- mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
- mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
- mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)
- mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)
- mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)
- mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)
- mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
-
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
-
Red Hat Enterprise Linux for ARM 64 7 aarch64
-
Red Hat Enterprise Linux for Power 9 7 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
-
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1472686 - CVE-2017-3636 mysql: Client programs unspecified vulnerability (CPU Jul 2017)
- BZ - 1472693 - CVE-2017-3641 mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
- BZ - 1472708 - CVE-2017-3651 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
- BZ - 1472711 - CVE-2017-3653 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
- BZ - 1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
- BZ - 1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
- BZ - 1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
- BZ - 1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
- BZ - 1535484 - CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
- BZ - 1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
- BZ - 1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1564965 - CVE-2018-2767 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
- BZ - 1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
- BZ - 1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
- BZ - 1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
- BZ - 1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1584023 - systemctl start mariadb - hangs if sock file is used by another process [rhel-7.5.z]
- BZ - 1584024 - MariaDB crashing due to specific SQL statement [rhel-7.5.z]
- BZ - 1584029 - MariaDB server segfaults with select query [rhel-7.5.z]
CVEs
References