Security update for mariadb

Announcement ID: SUSE-SU-2017:0411-1
Rating: important
CVSS scores:
  • CVE-2016-6664 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-6664 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-6664 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-3238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3238 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3243 ( NVD ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3243 ( NVD ): 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3244 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3244 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3257 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3257 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3258 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3258 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3258 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-3265 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
  • CVE-2017-3265 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
  • CVE-2017-3291 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-3291 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-3312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-3312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-3312 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-3317 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-3317 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2017-3318 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
  • CVE-2017-3318 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
  • CVE-2017-3318 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 LTSS 12
  • SUSE Linux Enterprise Server for SAP Applications 12

An update that solves 11 vulnerabilities and has two security fixes can now be installed.

Description:

This update brings mariadb to version 10.0.29 and fixes the following issues:

  • CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)
  • CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)
  • CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
  • CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)
  • CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)
  • CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)
  • CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)
  • CVE-2017-3244: unspecified vulnerability affecting the DML component (bsc#1020877)
  • CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)
  • CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)
  • CVE-2016-6664: Root Privilege Escalation (bsc#1008253)
  • Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)

  • Notable changes:
    • XtraDB updated to 5.6.34-79.1
    • TokuDB updated to 5.6.34-79.1
    • InnoDB updated to 5.6.35
    • Performance Schema updated to 5.6.35

Release notes and changelog:

  • https://kb.askmonty.org/en/mariadb-10029-release-notes
  • https://kb.askmonty.org/en/mariadb-10029-changelog

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SAP-12-2017-205=1
  • SUSE Linux Enterprise Server 12 LTSS 12
    zypper in -t patch SUSE-SLE-SERVER-12-2017-205=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • libmysqlclient18-32bit-10.0.29-20.23.1
    • libmysqlclient18-10.0.29-20.23.1
    • libmysqlclient18-debuginfo-10.0.29-20.23.1
    • mariadb-debuginfo-10.0.29-20.23.1
    • mariadb-debugsource-10.0.29-20.23.1
    • mariadb-client-debuginfo-10.0.29-20.23.1
    • libmysqld18-debuginfo-10.0.29-20.23.1
    • mariadb-tools-debuginfo-10.0.29-20.23.1
    • libmysqlclient18-debuginfo-32bit-10.0.29-20.23.1
    • mariadb-10.0.29-20.23.1
    • mariadb-client-10.0.29-20.23.1
    • libmysqlclient-devel-10.0.29-20.23.1
    • mariadb-tools-10.0.29-20.23.1
    • libmysqld-devel-10.0.29-20.23.1
    • libmysqlclient_r18-10.0.29-20.23.1
    • libmysqld18-10.0.29-20.23.1
    • mariadb-errormessages-10.0.29-20.23.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
    • libmysqlclient18-10.0.29-20.23.1
    • libmysqlclient18-debuginfo-10.0.29-20.23.1
    • mariadb-debuginfo-10.0.29-20.23.1
    • mariadb-debugsource-10.0.29-20.23.1
    • mariadb-client-debuginfo-10.0.29-20.23.1
    • libmysqld18-debuginfo-10.0.29-20.23.1
    • mariadb-tools-debuginfo-10.0.29-20.23.1
    • mariadb-10.0.29-20.23.1
    • mariadb-client-10.0.29-20.23.1
    • libmysqlclient-devel-10.0.29-20.23.1
    • mariadb-tools-10.0.29-20.23.1
    • libmysqld-devel-10.0.29-20.23.1
    • libmysqlclient_r18-10.0.29-20.23.1
    • libmysqld18-10.0.29-20.23.1
    • mariadb-errormessages-10.0.29-20.23.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (s390x x86_64)
    • libmysqlclient18-32bit-10.0.29-20.23.1
    • libmysqlclient18-debuginfo-32bit-10.0.29-20.23.1
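
A post-patch check, added here as an example and not part of the SUSE advisory: it flags any package from the list above that is still below the fixed build 10.0.29-20.23.1. The function names and the sample inventory are constructed for illustration, and the comparison assumes a `sort` that supports `-V` (GNU coreutils).

```sh
#!/bin/sh
# Added example: flag MariaDB packages still below the fixed build.
FIXED="10.0.29-20.23.1"   # version-release taken from the Package List

# ver_lt A B: true when A sorts strictly before B. Uses sort -V, an
# approximation of rpm's own ordering that is adequate for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin and
# prints the advisory packages whose build is older than $FIXED.
outdated_packages() {
    while read -r name vr; do
        case "$name" in
            mariadb|mariadb-*|libmysqlclient*|libmysqld*) ;;
            *) continue ;;   # not covered by this advisory
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (the older versions are made up).
sample_inventory() {
    cat <<'EOF'
mariadb 10.0.28-20.16.2
mariadb-client 10.0.29-20.23.1
libmysqlclient18 10.0.27-12.1
libmysqlclient18-32bit 10.0.29-20.23.1
openssl 1.0.1i-54.5.1
EOF
}

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
sample_inventory | outdated_packages
```

Empty output means every listed package is at or above the fixed build; any line printed names a package that still needs the update.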
