SCIENTIFIC-LINUX-ERRATA Archives

April 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Mon, 4 Apr 2016 13:57:09 -0000

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       SLSA-2016:0534-1
Issue Date:        2016-04-04
CVE Numbers:       CVE-2015-4792
                   CVE-2015-4802
                   CVE-2015-4815
                   CVE-2015-4816
                   CVE-2015-4819
                   CVE-2015-4826
                   CVE-2015-4830
                   CVE-2015-4836
                   CVE-2015-4858
                   CVE-2015-4861
                   CVE-2015-4870
                   CVE-2015-4879
                   CVE-2015-4913
                   CVE-2016-0505
                   CVE-2016-0546
                   CVE-2016-0596
                   CVE-2016-0597
                   CVE-2016-0598
                   CVE-2016-0600
                   CVE-2016-0606
                   CVE-2016-0608
                   CVE-2016-0609
                   CVE-2016-0616
                   CVE-2016-2047
--

Security Fix(es):

* It was found that the MariaDB client library did not properly check host
names against server identities noted in the X.509 certificates when
establishing secure connections using TLS/SSL. A man-in-the-middle
attacker could possibly use this flaw to impersonate a server to a client.
(CVE-2016-2047)

(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,
CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858,
CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505,
CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600,
CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es):

* When more than one INSERT operation was executed concurrently on a non-
empty InnoDB table with an AUTO_INCREMENT column defined as a primary key
immediately after starting MariaDB, a race condition could occur. As a
consequence, one of the concurrent INSERT operations failed with a
"Duplicate key" error message. A patch has been applied to prevent the
race condition. Now, each row inserted as a result of the concurrent
INSERT operations receives a unique primary key, and the operations no
longer fail in this scenario.
--

SL7
  x86_64
    mariadb-5.5.47-1.el7_2.x86_64.rpm
    mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
    mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
    mariadb-libs-5.5.47-1.el7_2.i686.rpm
    mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
    mariadb-server-5.5.47-1.el7_2.x86_64.rpm
    mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
    mariadb-devel-5.5.47-1.el7_2.i686.rpm
    mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
    mariadb-embedded-5.5.47-1.el7_2.i686.rpm
    mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
    mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
    mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
    mariadb-test-5.5.47-1.el7_2.x86_64.rpm

- Scientific Linux Development Team
