Synopsis: Moderate: mariadb security and bug fix update Advisory ID: SLSA-2018:2439-1 Issue Date: 2018-08-16 CVE Numbers: CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2771 CVE-2018-2781 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2017-3651 CVE-2018-2767 -- The following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es): * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es): * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. -- SL7 x86_64 mariadb-5.5.60-1.el7_5.x86_64.rpm mariadb-debuginfo-5.5.60-1.el7_5.i686.rpm mariadb-debuginfo-5.5.60-1.el7_5.x86_64.rpm mariadb-libs-5.5.60-1.el7_5.i686.rpm mariadb-libs-5.5.60-1.el7_5.x86_64.rpm mariadb-server-5.5.60-1.el7_5.x86_64.rpm mariadb-bench-5.5.60-1.el7_5.x86_64.rpm mariadb-devel-5.5.60-1.el7_5.i686.rpm mariadb-devel-5.5.60-1.el7_5.x86_64.rpm mariadb-embedded-5.5.60-1.el7_5.i686.rpm mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm mariadb-test-5.5.60-1.el7_5.x86_64.rpm mariadb-5.5.60-1.el7_5.src.rpm - Scientific Linux Development Team