Synopsis: Moderate: mariadb security and bug fix update Advisory ID: SLSA-2016:0534-1 Issue Date: 2016-04-04 CVE Numbers: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-2047 -- Security Fix(es): * It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047) (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616) Bug Fix(es): * When more than one INSERT operation was executed concurrently on a non- empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a "Duplicate key" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. -- SL7 x86_64 mariadb-5.5.47-1.el7_2.x86_64.rpm mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm mariadb-libs-5.5.47-1.el7_2.i686.rpm mariadb-libs-5.5.47-1.el7_2.x86_64.rpm mariadb-server-5.5.47-1.el7_2.x86_64.rpm mariadb-bench-5.5.47-1.el7_2.x86_64.rpm mariadb-devel-5.5.47-1.el7_2.i686.rpm mariadb-devel-5.5.47-1.el7_2.x86_64.rpm mariadb-embedded-5.5.47-1.el7_2.i686.rpm mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm mariadb-test-5.5.47-1.el7_2.x86_64.rpm - Scientific Linux Development Team