Synopsis
Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-mariadb102-mariadb and rh-mariadb102-galera is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb (10.2.22), rh-mariadb102-galera (25.3.25).
Security Fix(es):
- mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
- mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
- mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks (CVE-2017-15365)
- mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
- mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jan 2018) (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
- mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)
- mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
- mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
- mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
- mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)
- mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)
- mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)
- mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)
- mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133)
- mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)
- mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)
- mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2455)
- mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)
- mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
- mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)
- mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)
- mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- SELinux blocks working in /tmp directory for wsrep_recover_position function (BZ#1701252)
- mysql faces a bug which prevents bacula from functioning (BZ#1701254)
- GSSAPI module build fix - backport request (BZ#1701257)
- Deadlock in RNG initialization in the FIPS mode on some circumstances (BZ#1701258)
- Use appropriate version of Galera (BZ#1704162)
- Encountered WSREP: BF lock wait long for trx MariaDB 10.2.8 (BZ#1709233)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.5 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.5 ppc64le
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.4 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.4 ppc64le
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64
Fixes
- BZ - 1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
- BZ - 1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
- BZ - 1524234 - CVE-2017-15365 mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
- BZ - 1535484 - CVE-2018-2562 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
- BZ - 1535497 - CVE-2018-2612 mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
- BZ - 1535499 - CVE-2018-2622 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
- BZ - 1535500 - CVE-2018-2640 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1535504 - CVE-2018-2665 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1535506 - CVE-2018-2668 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
- BZ - 1568921 - CVE-2018-2755 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
- BZ - 1568923 - CVE-2018-2759 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568924 - CVE-2018-2761 mysql: Client programs unspecified vulnerability (CPU Apr 2018)
- BZ - 1568926 - CVE-2018-2766 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568931 - CVE-2018-2771 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
- BZ - 1568937 - CVE-2018-2777 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568942 - CVE-2018-2781 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
- BZ - 1568943 - CVE-2018-2782 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568944 - CVE-2018-2784 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568945 - CVE-2018-2786 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568946 - CVE-2018-2787 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568949 - CVE-2018-2810 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1568951 - CVE-2018-2813 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568954 - CVE-2018-2817 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
- BZ - 1568956 - CVE-2018-2819 mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
- BZ - 1602356 - CVE-2018-3058 mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
- BZ - 1602357 - CVE-2018-3060 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
- BZ - 1602363 - CVE-2018-3063 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)
- BZ - 1602364 - CVE-2018-3064 mysql: InnoDB unspecified vulnerability (CPU Jul 2018)
- BZ - 1602366 - CVE-2018-3066 mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
- BZ - 1602424 - CVE-2018-3081 mysql: Client programs unspecified vulnerability (CPU Jul 2018)
- BZ - 1640308 - CVE-2018-3200 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640310 - CVE-2018-3284 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640312 - CVE-2018-3173 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640316 - CVE-2018-3162 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640318 - CVE-2018-3156 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640321 - CVE-2018-3174 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)
- BZ - 1640322 - CVE-2018-3282 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
- BZ - 1640325 - CVE-2018-3277 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640331 - CVE-2018-3133 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)
- BZ - 1640332 - CVE-2018-3143 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640335 - CVE-2018-3251 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1640337 - CVE-2018-3185 mysql: InnoDB unspecified vulnerability (CPU Oct 2018)
- BZ - 1666742 - CVE-2019-2455 mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)
- BZ - 1666749 - CVE-2019-2503 mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)
- BZ - 1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
- BZ - 1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
- BZ - 1701252 - SELinux blocks working in /tmp directory for wsrep_recover_position function [3.2.z]
- BZ - 1701257 - GSSAPI module build fix - backport request [3.2.z]
- BZ - 1704162 - Use appropriate version of Galera [3.2.z]
- BZ - 1709233 - Encountered WSREP: BF lock wait long for trx MariaDB 10.2.8 [rhscl-3.2.z]
CVEs
References