Bug 936409

Summary: VUL-0: mariadb: 10.0.17 security update
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: astieger
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other

Description Marcus Meissner 2015-06-29 11:02:47 UTC
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/

Notable Changes

    The new version of the Audit Plugin is 1.2 and includes the following new features:
        In the audit log, passwords are now masked, i.e. the password characters are replaced with asterisks.
        It's now possible to filter logging to include only DDL (CREATE, ALTER, etc.) or DML (INSERT, UPDATE, etc.) statements.
        For more information please refer to the About the MariaDB Audit Plugin page. The plugin is disabled by default. 
    InnoDB updated to 5.6.23
    XtraDB updated to 5.6.22-72.0
    TokuDB updated to 7.5.5
    mroonga updated to 5.0
    Spider updated to 3.2.18
    Connect updated to 1.03.0005
    HeidiSQL updated to 9.1 (MDEV-7290)
    --galera-sst-mode option removed from mysqldump (MDEV-7615)
    mysqlbinlog --binlog-row-event-max-size support added (MDEV-6703) 

    Fixes for the following security vulnerabilities:
        CVE-2015-2568
        CVE-2015-2573
        CVE-2015-0433
        CVE-2015-0441 

For a complete list of changes made in MariaDB 10.0.17, with links to detailed information on each push, see the changelog.
Comment 1 Swamp Workflow Management 2015-06-29 22:00:40 UTC
bugbot adjusting priority
Comment 2 Kristyna Streitova 2015-06-30 17:23:39 UTC
MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2

|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE12         | yes      | mr#61330  |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here

Reassigning to security-team.
Comment 4 Swamp Workflow Management 2015-07-09 15:09:27 UTC
openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1
Comment 5 Andreas Stieger 2015-07-21 12:11:20 UTC
Releasing MariaDB for SLE 12
Comment 6 Swamp Workflow Management 2015-07-21 14:10:34 UTC
SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1