openSUSE-SU-2019:0327-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:0327-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2019:0327-1

Related

Published

2019-03-23T11:15:20Z

Modified

2019-03-23T11:15:20Z

Summary

Security update for mariadb

Details

This update for mariadb to version 10.2.22 fixes the following issues:

Security issues fixed:

CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377)
CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391)
CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404)
CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384)
CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386)
CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415)
CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)
CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)

Non-security issues fixed:

Fixed an issue where myslinstalldb fails due to incorrect basedir (bsc#1127027).
Fixed an issue where the lograte was not working (bsc#1112767).
Backport Information Schema CHECK_CONSTRAINTS Table.
Maximum value of tabledefinitioncache is now 2097152.
InnoDB ALTER TABLE fixes.
Galera crash recovery fixes.
Encryption fixes.
Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).
Maria DB testsuite - test main.plugin_auth failed (bsc#1111859)
Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858)
Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
Database corruption after renaming a prefix-indexed column (bsc#1120041)

Release notes and changelog:

https://mariadb.com/kb/en/library/mariadb-10222-release-notes
https://mariadb.com/kb/en/library/mariadb-10222-changelog/

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.0 / mariadb

Package

Name: mariadb
Purl: purl:rpm/suse/mariadb&distro=openSUSE%20Leap%2015.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.2.22-lp150.2.9.1

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.22-lp150.2.9.1",
            "mariadb-errormessages": "10.2.22-lp150.2.9.1",
            "libmysqld-devel": "10.2.22-lp150.2.9.1",
            "mariadb-tools": "10.2.22-lp150.2.9.1",
            "libmysqld19": "10.2.22-lp150.2.9.1",
            "mariadb-bench": "10.2.22-lp150.2.9.1",
            "mariadb-test": "10.2.22-lp150.2.9.1",
            "mariadb": "10.2.22-lp150.2.9.1",
            "mariadb-client": "10.2.22-lp150.2.9.1"
        }
    ]
}