SUSE-SU-2019:0555-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20190555-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:0555-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:0555-1
Related
Published
2019-03-06T09:55:52Z
Modified
2019-03-06T09:55:52Z
Summary
Security update for mariadb
Details

This update for mariadb to version 10.2.22 fixes the following issues:

Security issues fixed:

  • CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
  • CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
  • CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377)
  • CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
  • CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391)
  • CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
  • CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404)
  • CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384)
  • CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
  • CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386)
  • CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415)
  • CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
  • CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
  • CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
  • CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
  • CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)
  • CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
  • CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)

Non-security issues fixed:

  • Fixed an issue where myslinstalldb fails due to incorrect basedir (bsc#1127027).
  • Fixed an issue where the lograte was not working (bsc#1112767).
  • Backport Information Schema CHECK_CONSTRAINTS Table.
  • Maximum value of tabledefinitioncache is now 2097152.
  • InnoDB ALTER TABLE fixes.
  • Galera crash recovery fixes.
  • Encryption fixes.
  • Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).
  • Maria DB testsuite - test main.plugin_auth failed (bsc#1111859)
  • Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858)
  • Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
  • remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
  • Database corruption after renaming a prefix-indexed column (bsc#1120041)

Release notes and changelog:

  • https://mariadb.com/kb/en/library/mariadb-10222-release-notes
  • https://mariadb.com/kb/en/library/mariadb-10222-changelog/
References

Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.2.22-3.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libmysqld19": "10.2.22-3.14.1",
            "mariadb-errormessages": "10.2.22-3.14.1",
            "libmysqld-devel": "10.2.22-3.14.1",
            "mariadb": "10.2.22-3.14.1",
            "mariadb-client": "10.2.22-3.14.1",
            "mariadb-tools": "10.2.22-3.14.1"
        }
    ]
}