[RHSA-2019:2327-01] Moderate: mariadb security and bug fix update

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Tue Aug 6 12:49:18 UTC 2019 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb security and bug fix update
Advisory ID:       RHSA-2019:2327-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2327
Issue date:        2019-08-06
CVE Names:         CVE-2018-3058 CVE-2018-3063 CVE-2018-3066 
                   CVE-2018-3081 CVE-2018-3282 CVE-2019-2503 
                   CVE-2019-2529 CVE-2019-2614 CVE-2019-2627 
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL. 

The following packages have been upgraded to a later upstream version:
mariadb (5.5.64). (BZ#1610986, BZ#1664043)

Security Fix(es):

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2018) (CVE-2018-3063)

* mysql: Client programs unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3081)

* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
(CVE-2018-3282)

* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan
2019) (CVE-2019-2503)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2529)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
(CVE-2018-3066)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1490398 - mysql_upgrade fails when the same stored procedure name to uppercase and lowercase database names exists.
1598095 - problem with fuser usage during init
1602356 - CVE-2018-3058 mysql: MyISAM unspecified vulnerability (CPU Jul 2018)
1602363 - CVE-2018-3063 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)
1602366 - CVE-2018-3066 mysql: Server: Options unspecified vulnerability (CPU Jul 2018)
1602424 - CVE-2018-3081 mysql: Client programs unspecified vulnerability (CPU Jul 2018)
1625196 - fcontext missing for mysqld_safe_helper
1640322 - CVE-2018-3282 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)
1666749 - CVE-2019-2503 mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)
1666755 - CVE-2019-2529 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019)
1678662 - MariaDB TABLE CHECKSUM calculation sometimes ignore columns
1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

ppc64:
mariadb-5.5.64-1.el7.ppc64.rpm
mariadb-bench-5.5.64-1.el7.ppc64.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64.rpm
mariadb-devel-5.5.64-1.el7.ppc.rpm
mariadb-devel-5.5.64-1.el7.ppc64.rpm
mariadb-libs-5.5.64-1.el7.ppc.rpm
mariadb-libs-5.5.64-1.el7.ppc64.rpm
mariadb-server-5.5.64-1.el7.ppc64.rpm
mariadb-test-5.5.64-1.el7.ppc64.rpm

ppc64le:
mariadb-5.5.64-1.el7.ppc64le.rpm
mariadb-bench-5.5.64-1.el7.ppc64le.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64le.rpm
mariadb-devel-5.5.64-1.el7.ppc64le.rpm
mariadb-libs-5.5.64-1.el7.ppc64le.rpm
mariadb-server-5.5.64-1.el7.ppc64le.rpm
mariadb-test-5.5.64-1.el7.ppc64le.rpm

s390x:
mariadb-5.5.64-1.el7.s390x.rpm
mariadb-bench-5.5.64-1.el7.s390x.rpm
mariadb-debuginfo-5.5.64-1.el7.s390.rpm
mariadb-debuginfo-5.5.64-1.el7.s390x.rpm
mariadb-devel-5.5.64-1.el7.s390.rpm
mariadb-devel-5.5.64-1.el7.s390x.rpm
mariadb-libs-5.5.64-1.el7.s390.rpm
mariadb-libs-5.5.64-1.el7.s390x.rpm
mariadb-server-5.5.64-1.el7.s390x.rpm
mariadb-test-5.5.64-1.el7.s390x.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.64-1.el7.ppc.rpm
mariadb-debuginfo-5.5.64-1.el7.ppc64.rpm
mariadb-embedded-5.5.64-1.el7.ppc.rpm
mariadb-embedded-5.5.64-1.el7.ppc64.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.64-1.el7.ppc64le.rpm
mariadb-embedded-5.5.64-1.el7.ppc64le.rpm
mariadb-embedded-devel-5.5.64-1.el7.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.64-1.el7.s390.rpm
mariadb-debuginfo-5.5.64-1.el7.s390x.rpm
mariadb-embedded-5.5.64-1.el7.s390.rpm
mariadb-embedded-5.5.64-1.el7.s390x.rpm
mariadb-embedded-devel-5.5.64-1.el7.s390.rpm
mariadb-embedded-devel-5.5.64-1.el7.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.64-1.el7.src.rpm

x86_64:
mariadb-5.5.64-1.el7.x86_64.rpm
mariadb-bench-5.5.64-1.el7.x86_64.rpm
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-devel-5.5.64-1.el7.i686.rpm
mariadb-devel-5.5.64-1.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.i686.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
mariadb-server-5.5.64-1.el7.x86_64.rpm
mariadb-test-5.5.64-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.64-1.el7.i686.rpm
mariadb-debuginfo-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-5.5.64-1.el7.i686.rpm
mariadb-embedded-5.5.64-1.el7.x86_64.rpm
mariadb-embedded-devel-5.5.64-1.el7.i686.rpm
mariadb-embedded-devel-5.5.64-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3058
https://access.redhat.com/security/cve/CVE-2018-3063
https://access.redhat.com/security/cve/CVE-2018-3066
https://access.redhat.com/security/cve/CVE-2018-3081
https://access.redhat.com/security/cve/CVE-2018-3282
https://access.redhat.com/security/cve/CVE-2019-2503
https://access.redhat.com/security/cve/CVE-2019-2529
https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXUl3R9zjgjWX9erEAQiQlRAAk+c0DsGblnv/IruqY5alq0ZMIBdGuyYU
+4/WWuYfo4ToF0QKpB4HW784coQmnZ44ycuG/X5ZpKBRn+b4dAy4XjXkz6gLYqKt
QrWOJFqTTL5xNZ4dJv9tpixmo39hsJSGDqE+mb/weVaVSoDRs3E0OJ1UVFgepTJl
Tw82cJeuZZtCmXzDXix5U8ua3LeDxU7vizX7EEk5WRWoNt5zE+94wgT/wXfTzUpb
ck2Hfw+pCL06f11096jbdK0Ewdpfz1WligQPt/rcssG6g7CXw7pyIc11n8jHgmeJ
KWdtm/vrQ7worWS9dfSKgyLrpG7ae6i/WVSYpKK8JKwtShg1qEBEOIrS+bajjp3h
5IpkHHImEzEIAr4R2xlFdPLMNL0h9NinVrtE4Xe4ybs6avLzI+UCz+AfvamLkQph
7y+5nrjRWrJ3F8POZf6Y0KXR0s9yNJCgRzwdwYDW3+G9dRkdCaY8G+HWvSFv9927
4kVimwvwcUSSTQMsJcDqWJI9lcDMiwQ6P4U1U8XV7B6u0745+u8RjtSpZZIQyxIA
HogGU84e0tdo0aGnvT3HRjOZXXleqhAJVTsARlIlMbIidXTGpAj4UMDw7vu3+G3m
B3OfAJpJE0WMflDj7dIUBd4iRiyz5t5NL0e7az0xZy9eMxwj5nql03hvbAMBAQBP
IBzACt4ECMk=
=5Kfj
-----END PGP SIGNATURE-----

More information about the RHSA-announce mailing list