Bugzilla – Bug 936408
VUL-0: mariadb: 10.0.18 and 10.0.19 security update
Last modified: 2019-05-06 13:59:10 UTC
In addition to the MariaDB-5.5.43 fixes and improvements, the following fixes and improvements have been made to MariaDB 10.0.18.
Performance Schema updated to 5.6.24
XtraDB updated to XtraDB-5.6.23-72.1
Innodb updated to InnoDB-5.6.24
Spider updated to 3.2.21
Mroonga updated to 5.02
Fixed unrecognised column quoted with backticks in a function in a HAVING clause (MDEV-7301).
ALTER TABLE with conflicting CHARACTER SET and CONVERT TO CHARACTER SET arguments now reports error (MDEV-7386).
Fixed Regression (from 10.0.14): Bit and hex string literals changed column names (MDEV-7629).
Merged derived tables/VIEWs incorrectly increment created_tmp_tables (MDEV-7586).
Some symbols in a table name could cause Error Code: 1050 when creating an FK. The table name is in the filename charset but foreign key identifiers are not. This led to an incorrect foreign key identifier number being used (MDEV-7627).
ALTER [ONLINE] TABLE with no options no longer requires a table copy (MDEV-7390).
Fixed a case where it was impossible to create a copy of a table if the table contained a default value for a timestamp field in sql_mode="NO_ZERO_DATE" (MDEV-7778).
Other SQL Commands
INSTALL PLUGIN can now be done in bootstrap mode where authentication is disabled (MDEV-7781).
Corrected error handling in AES_ENCRYPT/AES_DECRYPT where incorrect data could result in an SSL client connection being terminated (MDEV-7697).
Corrected Assertion `status_var.memory_used == 0' failed in THD::THD() on disconnect after executing EXPLAIN for multi-table UPDATE (MDEV-7038).
Fixed crash when dropping user within rebuild_role_grants which occurs in some cases in SHOW GRANTS and DROP ROLE (MDEV-7774).
SHOW GRANTS now shows the password for users that have the password field set, auth_string field empty, plugin=mysql_native_password (MDEV-7985).
In Debug builds, an assertion could be triggered on really large blobs (MDEV-7754).
Fixed segfault when a virtual column used on an Innodb table and an index was created on a field after the virtual column (MDEV-7367).
Fixed server crash when inserting more rows than available space on disk (MDEV-7685).
Now possible to get Innodb internal primary key for wrapper type storage engines (MDEV-7714).
Starting with this release, commits in certain instances in parallel replication complete immediately, avoiding losing throughput when many transactions need conflicting locks. See binlog_commit_wait_count (MDEV-7847 / MDEV-7882).
Fixed parallel replication worker threads that hung in some cases with non-transactional event groups (MDEV-7929).
Fixed parallel replication error where deadlock was incorrectly handled (MDEV-8031).
Fixed replication aborting on DROP /*!40005 TEMPORARY */ TABLE IF EXISTS (MDEV-8016).
Fixed replication of temporary tables in statement mode that are grouped - fix MDEV-7668 wasn't sufficient (MDEV-7936).
Fixed ANALYZE TABLE which was ordered incorrectly in the binlog (MDEV-7888).
Added more detailed information about errors when GTID mode IO threads fail to connect (MDEV-7975).
Fixed temporary tables lost at STOP SLAVE in GTID mode if master has not rotated binlog since restart (MDEV-6403).
Fixed incorrect relay log start position when restarting SQL thread after error in parallel replication (MDEV-6589).
Fixed problem where slave was 10x slower to execute a set of statements compared to the master when using RBR (MDEV-7578).
Parallel replication worker threads are not spawned until needed (when an SQL thread is started), and they will be de-spawned if all SQL threads are stopped (MDEV-5289).
Multilevel slaves with parallel replication - better logic resulted in performance increase to group more transactions at the first slave level resulting in increased parallelism at the second replication level (MDEV-7249).
Fixed problem where Intermediate master groups using CREATE TEMPORARY TABLE with INSERT could cause the INSERT to occur before the TEMPORARY TABLE it operates on, causing parallel replication failure (MDEV-7668).
Slave SQL: stopping replication on a non-last RBR event with annotations no longer results in segfaults (MDEV-7864).
MASTER_POS_WAIT(log_name,log_pos,timeout,"connection_name") when connection name is specified now respects the timeout (MDEV-7130).
New status variables binlog_group_commit_trigger_count, binlog_group_commit_trigger_timeout, and binlog_group_commit_trigger_lock_wait used to examine which triggers caused a group commit to be made (MDEV-7802).
Fixed seconds_behind_master display in SHOW SLAVE STATUS which occasionally returned 0 when it really was much higher (MDEV-5114).
PowerPC - fixed Innodb locking issue under high load (MDEV-7148).
BigEndian now builds in Cassandra storage engine (MDEV-7839).
Fixed crash when running MariaDB Debug with InnoDB on Windows (MDEV-8079).
CONNECT Engine
Column names are now retrieved properly when field values are not latin1 characters (MDEV-7521).
Fixed problem where connecting to missing remote table caused error that was re-reported when SHOW TABLE STATUS on a correctly formed table (MDEV-7636).
Fixed problem where CONNECT returned error 174 on query to MS SQL Server 2012 involving timestamp column when the condition is given as a date literal (MDEV-7840).
CONNECT now works with if(exists(select * from test)) statement in procedures (MDEV-7852).
Fixed user variable assignment with SET @var = that resulted in ERROR 1148 (42000): CONNECT Unsupported command (MDEV-7616).
Removed assertion in delete_or_rename_table that caused crashes on (XML) HTML tables (MDEV-7935).
Added UDF Json_Array_Delete (MDEV-7935).
Fixed a problem where defining indexes on a connect engine caused wrong results (MDEV-8090).
OQ Graph Engine
Fixed issue with incorrect handling of multiple threads (MDEV-6282, MDEV-6345 and MDEV-6784).
SSL connections increased from 512 to 1024 bits in Diffie-Hellman exchange to support FIPS (MDEV-7794).
Fixed problem where SSL read/write timeouts were 1000 times too high due to seconds/milliseconds error (MDEV-8096).
OpenSSL now uses MD5 even if FIPS prohibited it, fixing a previous crash. This is fine as MD5 is not used for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums) (MDEV-7788).
Fixed problem where Initialization of status variables was not invoked for embedded (no bug reference. code change)
Corrected wrong results with bigint when compiled with gcc 5.0 (MDEV-7973).
Fixed assertion in Protocol::end_statement where CREATE VIEW occurred after another connection aborted (MDEV-8045).
Fixed MariaDB client where it could hang in an infinite loop based on no IO data returned (MDEV-8014).
Fixes for the following security vulnerabilities:
CVE-2014-8964 / CVE-2015-2325 / CVE-2015-2326: bundled PCRE contained a heap-based buffer overflow vulnerability that allowed the server to crash or have other unspecified impact via a crafted regular expression made possible with the REGEXP_SUBSTR function (MDEV-8006).
Fixed the server crash caused by mysql_upgrade (MDEV-8115).
bugbot adjusting priority
MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2
| Product | Affected | Request |
| --- | --- | --- |
| SLE12 | yes | mr#61330 |
| openSUSE 13.2 | yes | mr#314500 |
| devel/Factory | no* | --- |
* 10.0.20 already present here
Reassigning to security-team.
openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.
Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
openSUSE 13.2 (src): mariadb-10.0.20-2.9.1
openSUSE 13.1 (src): mariadb-5.5.44-4.1
SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
SUSE Linux Enterprise Workstation Extension 12 (src): mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src): mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src): mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src): mariadb-10.0.20-18.1