Bug 936407 – VUL-1: CVE-2015-3152: mariadb: 10.0.20 update

Bug 936407 - VUL-1: CVE-2015-3152: mariadb: 10.0.20 update


Summary:	VUL-1: CVE-2015-3152: mariadb: 10.0.20 update

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-06-29 10:59 UTC by Marcus Meissner
Modified:	2019-05-06 13:59 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-06-29 10:59:55 UTC

mariadb has released 10.0.20 to fix various bugs and the  CVE-2015-3152 oCERT-2015-003 BACKRONYM issue.

https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/

Comment 1 Swamp Workflow Management 2015-06-29 22:00:18 UTC

bugbot adjusting priority

Comment 2 Kristyna Streitova 2015-06-30 17:25:28 UTC

MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2

|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE12         | yes      | mr#61330  |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here

Reassigning to security-team.

Comment 4 Swamp Workflow Management 2015-07-09 15:09:04 UTC

openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1

Comment 5 Andreas Stieger 2015-07-21 12:11:42 UTC

Releasing MariaDB for SLE 12

Comment 6 Swamp Workflow Management 2015-07-21 14:10:12 UTC

SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1