Bugzilla – Bug 1136035
VUL-0: mariadb: 10.2.24 security release
Last modified: 2020-01-31 14:44:52 UTC
https://mariadb.com/kb/en/library/mariadb-10224-release-notes/

Release date: 9 May 2019

MariaDB 10.2 is the previous stable series of MariaDB. It is an evolution of MariaDB 10.1 with several entirely new features not found anywhere else and with backported and reimplemented features from MySQL 5.6 and 5.7.

MariaDB 10.2.24 will be a Stable (GA) release.

For an overview of MariaDB 10.2 see the What is MariaDB 10.2? page.

Upgrading from earlier 10.2.x versions is highly recommended for all Galera users due to bug MDEV-12837 which caused serious stability issues with earlier versions. See the bug issue page for more information.

Thanks, and enjoy MariaDB!

Notable Changes

General server
  MDEV-18968 - Both (WHERE 0.1) and (WHERE NOT 0.1) return empty set
  MDEV-18466 - Unsafe to log updates on tables referenced by foreign keys with triggers in statement format
  MDEV-18899 - Server crashes in Field::set_warning_truncated_wrong_value
  MDEV-18298 - Crashes server with segfault during role grants
  MDEV-17610 - Unexpected connection abort after certain operations from within stored procedure
  MDEV-19112 - WITH clause does not work with information_schema as default database
  MDEV-17830 - Server crashes in Item_null_result::field_type upon SELECT with CHARSET(date) and ROLLUP
  MDEV-14041 - Server crashes in String::length on queries with functions and ROLLUP
  MDEV-18920 - Prepared statements with st_convexhull hang and eat 100% cpu.
  MDEV-15837 - Assertion item1->type() == Item::FIELD_ITEM && item2->type() == Item::FIELD_ITEM
  MDEV-9531 - GROUP_CONCAT with ORDER BY inside takes a lot of memory while it's executed
  MDEV-17036 - BULK with replace doesn't take the first parameter in account
  Bug#28986737 - RENAMING AND REPLACING MYSQL.USER TABLE CAN LEAD TO A SERVER CRASH
  MDEV-19350 - Server crashes in delete_tree_element / ... / Item_func_group_concat::repack_tree
  MDEV-19188 - Server Crash When Using a Trigger With A Number of Virtual Columns on INSERT/UPDATE
  MDEV-19352 - Server crash in alloc_histograms_for_table_share upon query from information schema

InnoDB
  Merge InnoDB changes from MySQL 5.6.44 and 5.7.26
  InnoDB persistent corruption fixes: MDEV-19426, MDEV-19022, MDEV-19241, MDEV-13942
  InnoDB recovery fixes and speedup: MDEV-18733, MDEV-12699, MDEV-19356, MDEV-19426

Encryption
  MDEV-14398 - innodb_encrypt_tables will work even with innodb_encryption_rotate_key_age=0

Protocol
  MDEV-17036 - BULK with replace doesn't take the first parameter in account

Replication
  MDEV-14784 - Slave crashes in show_status_array upon running a trigger with select from I_S

Mariabackup
  MDEV-19060 - mariabackup continues, despite failing to open a tablespace

Packaging & Misc
  MDEV-19054 - mysql_upgrade_service now allows MySQL 5.7 to MariaDB 10.2 upgrade
  Starting with this release, we are now providing src.rpm packages for some platforms (MDEV-7066)
  As per the MariaDB Deprecation Policy, this will be the last release of MariaDB 10.2 for Fedora 28

Security
  MDEV-18686 - Add option to PAM authentication plugin to allow case insensitive username matching
  bugfix - multi-update checked privileges on views incorrectly (commit 5057d4637525eadad438d25ee6a4870a4e6b384c)
  MDEV-19276 - during connect, write error log warning for ER_DBACCESS_DENIED_ERROR, if log_warnings > 1
  MDEV-17456 - Malicious SUPER user can possibly change audit log configuration without leaving traces.
  Fixes for the following security vulnerabilities:
    CVE-2019-2614
    CVE-2019-2627
    CVE-2019-2628

SUSE-SU-2019:2020-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1126088,1132666,1136035
CVE References: CVE-2019-2614,CVE-2019-2627,CVE-2019-2628
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): mariadb-10.2.25-3.17.2, mariadb-connector-c-3.1.2-3.9.3
SUSE Linux Enterprise Module for Server Applications 15 (src): mariadb-10.2.25-3.17.2, mariadb-connector-c-3.1.2-3.9.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): mariadb-10.2.25-3.17.2, mariadb-connector-c-3.1.2-3.9.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): mariadb-10.2.25-3.17.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): mariadb-connector-c-3.1.2-3.9.3
SUSE Linux Enterprise Module for Basesystem 15 (src): mariadb-connector-c-3.1.2-3.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1915-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1126088,1132666,1136035
CVE References: CVE-2019-2614,CVE-2019-2627,CVE-2019-2628
Sources used:
openSUSE Leap 15.0 (src): mariadb-10.2.25-lp150.2.13.1, mariadb-connector-c-3.1.2-lp150.10.1

openSUSE-SU-2019:1913-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1126088,1132666,1136035
CVE References: CVE-2019-2614,CVE-2019-2627,CVE-2019-2628
Sources used:
openSUSE Leap 15.1 (src): mariadb-10.2.25-lp151.2.3.1, mariadb-connector-c-3.1.2-lp151.3.3.1

SUSE-SU-2019:2330-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1126088,1132666,1136035,1143215
CVE References: CVE-2019-2614,CVE-2019-2627,CVE-2019-2628
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): mariadb-10.2.25-3.19.2
SUSE OpenStack Cloud 9 (src): mariadb-10.2.25-3.19.2
SUSE Linux Enterprise Server 12-SP4 (src): mariadb-10.2.25-3.19.2, mariadb-connector-c-3.1.2-2.6.6
SUSE Linux Enterprise Desktop 12-SP4 (src): mariadb-10.2.25-3.19.2, mariadb-connector-c-3.1.2-2.6.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2867-1: An update that solves 11 vulnerabilities and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1019074,1096985,1106515,1115960,1116846,1118900,1120657,1125893,1126088,1132593,1132666,1136035,1141121,1141676,1143215,1145796,1146578,1148158,1148383,1150895,917802
CVE References: CVE-2015-3448,CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-13611,CVE-2019-15043,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628,CVE-2019-5477
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): crowbar-core-5.0+git.1569597589.1f025c557-3.32.2, crowbar-ha-5.0+git.1567673535.607aada-3.26.2, crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2, crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, rubygem-easy_diff-1.0.0-3.4.2
SUSE OpenStack Cloud 8 (src): ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2
HPE Helion Openstack 8 (src): ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-hpe-helion-openstack-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-hpe-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:3270-1: An update that solves four vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1075812,1123053,1126088,1126428,1129729,1132666,1136035,1143215,1152916,1155089
CVE References: CVE-2017-1002201,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628
Sources used:
SUSE OpenStack Cloud 7 (src): caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-1.9.1, crowbar-core-4.0+git.1573109906.0f62e9503-9.57.2, crowbar-openstack-4.0+git.1573038068.1e32b3205-9.62.2, crowbar-ui-1.1.0+git.1547500033.d0fb2bf2-4.12.1, galera-3-25.3.25-11.1, mariadb-10.2.25-13.1, mariadb-connector-c-3.1.2-1.9.1, openstack-dashboard-theme-SUSE-2016.2-5.9.2, openstack-heat-templates-0.0.0+git.1515995585.81ed236-12.1, openstack-neutron-9.4.2~dev21-7.35.3, openstack-neutron-doc-9.4.2~dev21-7.35.1, openstack-nova-14.0.11~dev13-4.37.3, openstack-nova-doc-14.0.11~dev13-4.37.2, patterns-cloud-20170124-4.6.1, python-oslo.messaging-5.10.2-3.12.1, python-oslo.utils-3.16.1-3.6.1, python-pysaml2-4.0.2-3.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

released