openSUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1800-1
Rating:             important
References:         #1088681 #1090518 
Cross-References:   CVE-2018-2755 CVE-2018-2761 CVE-2018-2766
                    CVE-2018-2767 CVE-2018-2771 CVE-2018-2781
                    CVE-2018-2782 CVE-2018-2784 CVE-2018-2787
                    CVE-2018-2813 CVE-2018-2817 CVE-2018-2819
                   
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   This update for MariaDB to version 10.0.35 fixes multiple issues:

   Security issues fixed:

   * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)
   * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)
   * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes
     (bsc#1090518)
   * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518)
   * CVE-2018-2755: Unspecified vulnerability in Replication allowing server
     compromise (bsc#1090518)
   * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB  (bsc#1090518)
   * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)
   * CVE-2018-2761: Unspecified DoS vulnerability in Client programs
     (bsc#1090518)
   * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer
     (bsc#1090518)
   * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking
     component (bsc#1090518)
   * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing
     unauthorized reads (bsc#1090518)
   * CVE-2018-2767: The embedded server library now supports SSL when
     connecting to remote servers (bsc#1088681)

   The following changes are included:

   * XtraDB updated to 5.6.39-83.1
   * TokuDB updated to 5.6.39-83.1
   * InnoDB updated to 5.6.40
   * Fix for Crash in MVCC read after IMPORT TABLESPACE
   * Fix for innodb_read_only trying to modify files if transactions were
     recovered in COMMITTED state
   * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index
   * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing
     corrupted record

   This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2018-668=1



Package List:

   - openSUSE Leap 42.3 (i586 x86_64):

      libmysqlclient-devel-10.0.35-35.1
      libmysqlclient18-10.0.35-35.1
      libmysqlclient18-debuginfo-10.0.35-35.1
      libmysqlclient_r18-10.0.35-35.1
      libmysqld-devel-10.0.35-35.1
      libmysqld18-10.0.35-35.1
      libmysqld18-debuginfo-10.0.35-35.1
      mariadb-10.0.35-35.1
      mariadb-bench-10.0.35-35.1
      mariadb-bench-debuginfo-10.0.35-35.1
      mariadb-client-10.0.35-35.1
      mariadb-client-debuginfo-10.0.35-35.1
      mariadb-debuginfo-10.0.35-35.1
      mariadb-debugsource-10.0.35-35.1
      mariadb-errormessages-10.0.35-35.1
      mariadb-test-10.0.35-35.1
      mariadb-test-debuginfo-10.0.35-35.1
      mariadb-tools-10.0.35-35.1
      mariadb-tools-debuginfo-10.0.35-35.1

   - openSUSE Leap 42.3 (x86_64):

      libmysqlclient18-32bit-10.0.35-35.1
      libmysqlclient18-debuginfo-32bit-10.0.35-35.1
      libmysqlclient_r18-32bit-10.0.35-35.1


References:

   https://www.suse.com/security/cve/CVE-2018-2755.html
   https://www.suse.com/security/cve/CVE-2018-2761.html
   https://www.suse.com/security/cve/CVE-2018-2766.html
   https://www.suse.com/security/cve/CVE-2018-2767.html
   https://www.suse.com/security/cve/CVE-2018-2771.html
   https://www.suse.com/security/cve/CVE-2018-2781.html
   https://www.suse.com/security/cve/CVE-2018-2782.html
   https://www.suse.com/security/cve/CVE-2018-2784.html
   https://www.suse.com/security/cve/CVE-2018-2787.html
   https://www.suse.com/security/cve/CVE-2018-2813.html
   https://www.suse.com/security/cve/CVE-2018-2817.html
   https://www.suse.com/security/cve/CVE-2018-2819.html
   https://bugzilla.suse.com/1088681
   https://bugzilla.suse.com/1090518

--

openSUSE: 2018:1800-1: important: mariadb

June 23, 2018
An update that fixes 12 vulnerabilities is now available.

Description

This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed: * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) * CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) * CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) * CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681) The following changes are included: * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * Fix for Crash in MVCC read after IMPORT TABLESPACE * Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record This update was imported from the SUSE:SLE-12-SP1:Update update project.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-668=1


Package List

- openSUSE Leap 42.3 (i586 x86_64): libmysqlclient-devel-10.0.35-35.1 libmysqlclient18-10.0.35-35.1 libmysqlclient18-debuginfo-10.0.35-35.1 libmysqlclient_r18-10.0.35-35.1 libmysqld-devel-10.0.35-35.1 libmysqld18-10.0.35-35.1 libmysqld18-debuginfo-10.0.35-35.1 mariadb-10.0.35-35.1 mariadb-bench-10.0.35-35.1 mariadb-bench-debuginfo-10.0.35-35.1 mariadb-client-10.0.35-35.1 mariadb-client-debuginfo-10.0.35-35.1 mariadb-debuginfo-10.0.35-35.1 mariadb-debugsource-10.0.35-35.1 mariadb-errormessages-10.0.35-35.1 mariadb-test-10.0.35-35.1 mariadb-test-debuginfo-10.0.35-35.1 mariadb-tools-10.0.35-35.1 mariadb-tools-debuginfo-10.0.35-35.1 - openSUSE Leap 42.3 (x86_64): libmysqlclient18-32bit-10.0.35-35.1 libmysqlclient18-debuginfo-32bit-10.0.35-35.1 libmysqlclient_r18-32bit-10.0.35-35.1


References

https://www.suse.com/security/cve/CVE-2018-2755.html https://www.suse.com/security/cve/CVE-2018-2761.html https://www.suse.com/security/cve/CVE-2018-2766.html https://www.suse.com/security/cve/CVE-2018-2767.html https://www.suse.com/security/cve/CVE-2018-2771.html https://www.suse.com/security/cve/CVE-2018-2781.html https://www.suse.com/security/cve/CVE-2018-2782.html https://www.suse.com/security/cve/CVE-2018-2784.html https://www.suse.com/security/cve/CVE-2018-2787.html https://www.suse.com/security/cve/CVE-2018-2813.html https://www.suse.com/security/cve/CVE-2018-2817.html https://www.suse.com/security/cve/CVE-2018-2819.html https://bugzilla.suse.com/1088681 https://bugzilla.suse.com/1090518--


Severity
Announcement ID: openSUSE-SU-2018:1800-1
Rating: important
Affected Products: openSUSE Leap 42.3

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved