SUSE-SU-2018:1853-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181853-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1853-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1853-1
Related
Published
2018-06-29T15:40:54Z
Modified
2018-06-29T15:40:54Z
Summary
Recommended update for mariadb
Details

This MariaDB update to version 10.2.15 brings the following fixes and improvements.

Security issues:

  • CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681).
  • Collected CVEs fixes:
    • 10.2.15: CVE-2018-2786, CVE-2018-2759, CVE-2018-2777, CVE-2018-2810, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813
    • 10.2.13: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2612
    • 10.2.10: CVE-2017-10378, CVE-2017-10268, CVE-2017-15365
    • 10.2.8: CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10320, CVE-2017-10365, CVE-2017-10379, CVE-2017-10384, CVE-2017-10286, CVE-2017-3257
    • 10.2.6: CVE-2017-3308, CVE-2017-3309, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464
    • 10.2.5: CVE-2017-3313, CVE-2017-3302

Bugfixes:

  • bsc#1092544: Update suseskippedtests.list and add tests that are failing with GCC 8.
  • bsc#1012075: MariaDB Test Suite issue with test sysvars.securefile_priv.test.
  • bsc#1019948: mariadb even tumbleweed version is super old.
  • bsc#1039034: no ODBC support in MariaDB Server.
  • bsc#1041891: Make mariadb tests pass and exclude failures.
  • bsc#1042632: Mariadb fails to build with openssl-1.1.
  • bsc#1043328: Update mariadb in TW to 10.2 and drop comat with mysql.
  • bsc#1047218: trackerbug: packages do not build reproducibly from including build time.
  • bsc#1055165: mariadb build with cassandra enabled.
  • bsc#1055268: MariaDB configurations are not overwritable.
  • bsc#1058374: Use bind-address directive and SSL section settings in default my.cnf.
  • bsc#1058729: MariaDB - mysql-test - connect.drop-open-error is failing (regression).
  • bsc#1060110: The mariadb install script depends on hostname but does not require it.
  • bsc#1062583: Stop using boost-devel.
  • bsc#1067443: incomplete revert of the mariadb service rename.
  • bsc#1068906: MariaDB: ALTER TABLE can't rename columns with CHECK constraints.
  • bsc#1069401: Database failed apply with mariadb 10.2 : RuntimeError: Galera cluster did not start after 600 seconds.
  • bsc#1080891: server:database/mariadb: up-streaming patches.
  • bsc#1083087: Galera bootstrap failes work after MariaDB 10.2.13 upgrade.
  • bsc#1082318: mariadb-connector-c.changes and xtrabackup need to use %doc instead of %license.

Release notes and changelog:

  • https://mariadb.com/kb/en/library/mariadb-10215-release-notes
  • https://mariadb.com/kb/en/library/mariadb-10215-changelog
References

Affected packages

SUSE:OpenStack Cloud 7 / galera-3

Package

Name
galera-3
Purl
purl:rpm/suse/galera-3&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.3.23-8.3

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.15-7.1",
            "mariadb-errormessages": "10.2.15-7.1",
            "mariadb-tools": "10.2.15-7.1",
            "ruby2.1-rubygem-mysql2": "0.4.10-7.2",
            "galera-3-wsrep-provider": "25.3.23-8.3",
            "mariadb": "10.2.15-7.1",
            "xtrabackup": "2.4.10-5.3",
            "mariadb-client": "10.2.15-7.1",
            "libmariadb3": "3.0.3-1.3.3"
        }
    ]
}

SUSE:OpenStack Cloud 7 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.2.15-7.1

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.15-7.1",
            "mariadb-errormessages": "10.2.15-7.1",
            "mariadb-tools": "10.2.15-7.1",
            "ruby2.1-rubygem-mysql2": "0.4.10-7.2",
            "galera-3-wsrep-provider": "25.3.23-8.3",
            "mariadb": "10.2.15-7.1",
            "xtrabackup": "2.4.10-5.3",
            "mariadb-client": "10.2.15-7.1",
            "libmariadb3": "3.0.3-1.3.3"
        }
    ]
}

SUSE:OpenStack Cloud 7 / mariadb-connector-c

Package

Name
mariadb-connector-c
Purl
purl:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.3-1.3.3

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.15-7.1",
            "mariadb-errormessages": "10.2.15-7.1",
            "mariadb-tools": "10.2.15-7.1",
            "ruby2.1-rubygem-mysql2": "0.4.10-7.2",
            "galera-3-wsrep-provider": "25.3.23-8.3",
            "mariadb": "10.2.15-7.1",
            "xtrabackup": "2.4.10-5.3",
            "mariadb-client": "10.2.15-7.1",
            "libmariadb3": "3.0.3-1.3.3"
        }
    ]
}

SUSE:OpenStack Cloud 7 / rubygem-mysql2

Package

Name
rubygem-mysql2
Purl
purl:rpm/suse/rubygem-mysql2&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.10-7.2

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.15-7.1",
            "mariadb-errormessages": "10.2.15-7.1",
            "mariadb-tools": "10.2.15-7.1",
            "ruby2.1-rubygem-mysql2": "0.4.10-7.2",
            "galera-3-wsrep-provider": "25.3.23-8.3",
            "mariadb": "10.2.15-7.1",
            "xtrabackup": "2.4.10-5.3",
            "mariadb-client": "10.2.15-7.1",
            "libmariadb3": "3.0.3-1.3.3"
        }
    ]
}

SUSE:OpenStack Cloud 7 / xtrabackup

Package

Name
xtrabackup
Purl
purl:rpm/suse/xtrabackup&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.10-5.3

Ecosystem specific

{
    "binaries": [
        {
            "mariadb-galera": "10.2.15-7.1",
            "mariadb-errormessages": "10.2.15-7.1",
            "mariadb-tools": "10.2.15-7.1",
            "ruby2.1-rubygem-mysql2": "0.4.10-7.2",
            "galera-3-wsrep-provider": "25.3.23-8.3",
            "mariadb": "10.2.15-7.1",
            "xtrabackup": "2.4.10-5.3",
            "mariadb-client": "10.2.15-7.1",
            "libmariadb3": "3.0.3-1.3.3"
        }
    ]
}