LISTSERV 16.5 - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       SLSA-2018:2439-1
Issue Date:        2018-08-16
CVE Numbers:       CVE-2017-3636
                   CVE-2017-3641
                   CVE-2017-3653
                   CVE-2017-10268
                   CVE-2017-10378
                   CVE-2017-10379
                   CVE-2017-10384
                   CVE-2018-2562
                   CVE-2018-2622
                   CVE-2018-2640
                   CVE-2018-2665
                   CVE-2018-2668
                   CVE-2018-2755
                   CVE-2018-2761
                   CVE-2018-2771
                   CVE-2018-2781
                   CVE-2018-2813
                   CVE-2018-2817
                   CVE-2018-2819
                   CVE-2017-3651
                   CVE-2018-2767
--

The following packages have been upgraded to a later upstream version:
mariadb (5.5.60).

Security Fix(es):

* mysql: Client programs unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3636)

* mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3641)

* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3651)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10268)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10378)

* mysql: Client programs unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10379)

* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
(CVE-2017-10384)

* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2562)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2622)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2640)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2665)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
(CVE-2018-2668)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2755)

* mysql: Client programs unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2761)

* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2771)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2781)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2813)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
(CVE-2018-2817)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
(CVE-2017-3653)

* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)
(CVE-2018-2767)

Bug Fix(es):

* Previously, the mysqladmin tool waited for an inadequate length of time
if the socket it listened on did not respond in a specific way.
Consequently, when the socket was used while the MariaDB server was
starting, the mariadb service became unresponsive for a long time. With
this update, the mysqladmin timeout has been shortened to 2 seconds. As a
result, the mariadb service either starts or fails but no longer hangs in
the described situation.
--

SL7
  x86_64
    mariadb-5.5.60-1.el7_5.x86_64.rpm
    mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm
    mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm
    mariadb-libs-5.5.60-1.el7_5.i686.rpm
    mariadb-libs-5.5.60-1.el7_5.x86_64.rpm
    mariadb-server-5.5.60-1.el7_5.x86_64.rpm
    mariadb-bench-5.5.60-1.el7_5.x86_64.rpm
    mariadb-devel-5.5.60-1.el7_5.i686.rpm
    mariadb-devel-5.5.60-1.el7_5.x86_64.rpm
    mariadb-embedded-5.5.60-1.el7_5.i686.rpm
    mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm
    mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
    mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm
    mariadb-test-5.5.60-1.el7_5.x86_64.rpm
    mariadb-5.5.60-1.el7_5.src.rpm

- Scientific Linux Development Team