Bug 936408 - VUL-0: mariadb: 10.0.18 and 10.0.19 security update
VUL-0: mariadb: 10.0.18 and 10.0.19 security update
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-06-29 11:01 UTC by Marcus Meissner
Modified: 2019-05-06 13:59 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-06-29 11:01:48 UTC


In addition to the MariaDB-5.5.43 fixes and improvements, the following fixes and improvements have been made to MariaDB 10.0.18.

    Performance Schema updated to 5.6.24
    XtraDB updated to XtraDB-5.6.23-72.1
    Innodb updated to InnoDB-5.6.24
    Spider updated to 3.2.21
    Mroonga updated to 5.02 


    Fixed unrecognised column quoted with backticks in a function in a HAVING clause (MDEV-7301).
    ALTER TABLE with conflicting CHARACTER SET and CONVERT TO CHARACTER SET arguments now reports error (MDEV-7386).
    Fixed Regression (from 10.0.14): Bit and hex string literals changed column names (MDEV-7629). 


    Merged derived tables/VIEWs incorrectly increment created_tmp_tables (MDEV-7586). 

Alter Table

    Some symbols in table name can cause to Error Code: 1050 when created FK. Table name is on filename charset but foreign key identifiers are not. This lead incorrect foreign key identifier number to be used (MDEV-7627).
    ALTER [ONLINE] TABLE with no options no longer requires a table copy (MDEV-7390).
    Fixed a case where it was impossible to create copy of a table if the table contained a default value for timestamp field in sql_mode="NO_ZERO_DATE" (MDEV-7778). 

Other SQL Commands

    INSTALL PLUGIN can now be done in bootstrap mode where authentication is disabled (MDEV-7781).
    Corrected error handing in AES_ENCRYPT/AES_DECRYPT where incorrect data could result in a SSL client connection being terminated (MDEV-7697).
    Corrected Assertion `status_var.memory_used == 0' failed in THD::THD() on disconnect after executing EXPLAIN for multi-table UPDATE (MDEV-7038).
    Fixed crash when dropping user within rebuild_role_grants which occurs in some cases in SHOW GRANTS and DROP ROLE (MDEV-7774).
    SHOW GRANTS now shows the password for users that have the password field set, auth_string field empty, plugin=mysql_native_password (MDEV-7985). 


    In Debug builds, an assertion could be triggered on really large blobs (MDEV-7754).
    Fixed segfault when a virtual column used on an Innodb table and an index was created on a field after the virtual column (MDEV-7367).
    Fixed server crash when inserting more rows than available space on disk (MDEV-7685).
    Now possible to get Innodb internal primary key for wrapper type storage engines (MDEV-7714). 


    Starting with this release, commits in certain instances in parallel replication complete immediately, avoiding losing throughput when many transactions need conflicting locks. See binlog_commit_wait_count (MDEV-7847 / MDEV-7882).
    Fixed parallel replication worker threads that hung in some cases with non-transactional event groups (MDEV-7929).
    Fixed parallel replication error where deadlock was incorrectly handled (MDEV-8031).
    Fixed replication aborting on DROP /*!40005 TEMPORARY */ TABLE IF EXISTS (MDEV-8016).
    Fixed replication of temporary tables in statement mode that are grouped - fix MDEV-7668 wasn't sufficient (MDEV-7936).
    Fixed ANALYZE TABLE which was ordered incorrectly in the binlog (MDEV-7888).
    Added more detailed information about errors when GTID mode IO threads fail to connect (MDEV-7975).
    Fixed temporary tables lost at STOP SLAVE in GTID mode if master has not rotated binlog since restart (MDEV-6403).
    Fixed incorrect relay log start position when restarting SQL thread after error in parallel replication (MDEV-6589).
    Fixed problem where slave was 10x slower to execute a set of statements compared to the master when using RBR (MDEV-7578).
    Parallel replication worker threads are not spawned until needed (when an SQL thread is started), and they will be de-spawned if all SQL threads are stopped (MDEV-5289).
    Multilevel slaves with parallel replication - better logic resulted in performance increase to group more transactions at the first slave level resulting in increased parallelism at the second replication level (MDEV-7249).
    Fixed problem where Intermediate master groups using CREATE TEMPORARY TABLE with INSERT could cause the INSERT to occur before the TEMPORARY TABLE it operates on, causing parallel replication failure (MDEV-7668).
    Slave SQL: stopping replication on a non-last RBR event with annotations no longer results in segfaults (MDEV-7864).
    MASTER_POS_WAIT(log_name,log_pos,timeout,"connection_name") when connection name is specified now respects the timeout (MDEV-7130).
    New status variables binlog_group_commit_trigger_count, binlog_group_commit_trigger_timeout, and binlog_group_commit_trigger_lock_wait used to examine which triggers caused a group commit to be made (MDEV-7802).
    Fixed seconds_behind_master display in SHOW SLAVE STATUS which occasionally returned 0 when it really was much higher (MDEV-5114). 


    PowerPC - fixed Innodb locking issue under high load - (MDEV-7148).
    BigEndian now builds in Cassandra storage engine (MDEV-7839).
    Fixed crash when running MariaDB Debug with InnoDB on Windows (MDEV-8079). 

Connect Engine

    CONNECT Engine Column names are now retrieved properly when field values are not latin1 characters (MDEV-7521).
    Fixed problem where connecting to missing remote table caused error that was re-reported when SHOW TABLE STATUS on a correctly formed table (MDEV-7636).
    Fixed problem where CONNECT returned error 174 on query to MS SQL Server 2012 involving timestamp column when the condition is given as a date literal (MDEV-7840).
    CONNECT now works with if(exists(select * from test)) statement in procedures (MDEV-7852).
    Fixed user variable assignment with SET @var = that resulted in ERROR 1148 (42000): CONNECT Unsupported command (MDEV-7616).
    Removed assertion in delete_or_rename_table that caused crashes on (XML) HTML tables (MDEV-7935).
    Added UDF Json_Array_Delete (MDEV-7935).
    Fixed a problem where defining indexes on a connect engine caused wrong results (MDEV-8090). 

OQ Graph Engine

    Fixed issue with incorrect handling of multiple threads (MDEV-6282, MDEV-6345 and MDEV-6784). 


    SSL connections increased from 512 to 1024 bits in Diffie-Hellman exchange to support fips (MDEV-7794).
    Fixed problem where SSL read/write timeouts were 1000 times too high due to seconds/milliseconds error (MDEV-8096).
    OpenSSL now uses MD5 even if FIPS prohibited it, fixing a previous crash. This is fine as MD5 is not used for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums) (MDEV-7788).
    Fixed problem where Initialization of status variables was not invoked for embedded (no bug reference. code change)
    Corrected wrong results with bigint when compiled with gcc 5.0 (MDEV-7973).
    Fixed assertion in Protocol::end_statement where CREATE VIEW occured after another connection aborted (MDEV-8045). 


    Fixed MariaDB client where it could hang in an infinite loop based on no IO data returned (MDEV-8014). 

Security Fixes

    Fixes for the following security vulnerabilities:
        CVE-2014-8964 / CVE-2015-2325 / CVE-2015-2326 bundled PCRE contained heap-based buffer overflow vulnerability that allowed the server to crash or have other unspecified impact via a crafted regular expression made possible with the REGEXP_SUBSTR function (MDEV-8006).


    Fixed the server crash caused by mysql_upgrade (MDEV-8115)
Comment 1 Swamp Workflow Management 2015-06-29 22:00:29 UTC
bugbot adjusting priority
Comment 2 Kristyna Streitova 2015-06-30 17:24:44 UTC
MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2

|    Product    | Affected |  Request  |
| SLE12         | yes      | mr#61330  |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here

Reassigning to security-team.
Comment 4 Swamp Workflow Management 2015-07-09 15:09:14 UTC
openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1
Comment 5 Andreas Stieger 2015-07-21 11:55:31 UTC
Comment 6 Swamp Workflow Management 2015-07-21 14:10:23 UTC
SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1