Bug 936409 - VUL-0: mariadb: 10.0.17 security update
Summary: VUL-0: mariadb: 10.0.17 security update
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-29 11:02 UTC by Marcus Meissner
Modified: 2019-05-06 13:59 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-06-29 11:02:47 UTC 
https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/

Notable Changes

    The new version of the Audit Plugin is 1.2 and includes the following new features:
        In the audit log, passwords are now masked, i.e. the password characters are replaced with asterisks.
        It's now possible to filter logging to include only DDL (CREATE, ALTER, etc.) or DML (INSERT, UPDATE, etc.) statements.
        For more information please refer to the About the MariaDB Audit Plugin page. The plugin is disabled by default. 
    InnoDB updated to 5.6.23
    XtraDB updated to 5.6.22-72.0
    TokuDB updated to 7.5.5
    mroonga updated to 5.0
    Spider updated to 3.2.18
    Connect updated to 1.03.0005
    HeidiSQL updated to 9.1 (MDEV-7290)
    --galera-sst-mode option removed from mysqldump (MDEV-7615)
    mysqlbinlog --binlog-row-event-max-size support added (MDEV-6703) 

    Fixes for the following security vulnerabilities:
        CVE-2015-2568
        CVE-2015-2573
        CVE-2015-0433
        CVE-2015-0441 

For a complete list of changes made in MariaDB 10.0.17, with links to detailed information on each push, see the changelog.
Comment 1 Swamp Workflow Management 2015-06-29 22:00:40 UTC 
bugbot adjusting priority
Comment 2 Kristyna Streitova 2015-06-30 17:23:39 UTC 
MariaDB 10.0.20 submitted to SLE12 and openSUSE 13.2

|    Product    | Affected |  Request  |
|---------------|----------|-----------|
| SLE12         | yes      | mr#61330  |
| openSUSE 13.2 | yes      | mr#314500 |
| devel/Factory | no*      | ---       |

* 10.0.20 already present here

Reassigning to security-team.
Comment 4 Swamp Workflow Management 2015-07-09 15:09:27 UTC 
openSUSE-SU-2015:1216-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 859345,914370,924663,934789,936407,936408,936409
CVE References: CVE-2014-6464,CVE-2014-6469,CVE-2014-6491,CVE-2014-6494,CVE-2014-6496,CVE-2014-6500,CVE-2014-6507,CVE-2014-6555,CVE-2014-6559,CVE-2014-6568,CVE-2014-8964,CVE-2015-0374,CVE-2015-0381,CVE-2015-0382,CVE-2015-0411,CVE-2015-0432,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152,CVE-2015-4000
Sources used:
openSUSE 13.2 (src):    mariadb-10.0.20-2.9.1
openSUSE 13.1 (src):    mariadb-5.5.44-4.1
Comment 5 Andreas Stieger 2015-07-21 12:11:20 UTC 
Releasing MariaDB for SLE 12
Comment 6 Swamp Workflow Management 2015-07-21 14:10:34 UTC 
SUSE-SU-2015:1273-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 906574,919053,919062,920865,920896,921333,924663,924960,924961,934789,936407,936408,936409
CVE References: CVE-2014-8964,CVE-2015-0433,CVE-2015-0441,CVE-2015-0499,CVE-2015-0501,CVE-2015-0505,CVE-2015-2325,CVE-2015-2326,CVE-2015-2568,CVE-2015-2571,CVE-2015-2573,CVE-2015-3152
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Software Development Kit 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Server 12 (src):    mariadb-10.0.20-18.1
SUSE Linux Enterprise Desktop 12 (src):    mariadb-10.0.20-18.1