Bug 936407

Summary: VUL-1: CVE-2015-3152: mariadb: 10.0.20 update
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: astieger
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2015-06-29 10:59:55 UTC 
mariadb has released 10.0.20 to fix various bugs and the  CVE-2015-3152 oCERT-2015-003 BACKRONYM issue.

https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/
Comment 1 Swamp Workflow Management 2015-06-29 22:00:18 UTC 
bugbot adjusting priority
Comment 2 Kristyna Streitova 2015-06-30 17:25:28 UTC 
MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2

|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE12         | yes      | mr#61330  |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here

Reassigning to security-team.
Comment 4 Swamp Workflow Management 2015-07-09 15:09:04 UTC 
openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1
Comment 5 Andreas Stieger 2015-07-21 12:11:42 UTC 
Releasing MariaDB for SLE 12
Comment 6 Swamp Workflow Management 2015-07-21 14:10:12 UTC 
SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1