Univention Bugzilla – Bug 49362
mariadb-10.1: Multiple issues (4.3)
Last modified: 2019-05-02 12:34:59 CEST
New Debian mariadb-10.1 10.1.38-0+deb9u1 fixes:

This update addresses the following issues:

* Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529)
* Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/mariadb-10.1_10.1.37-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/mariadb-10.1_10.1.38-0+deb9u1.dsc @@ -1,7 +1,26 @@ +10.1.38-0+deb9u1 [Tue, 16 Apr 2019 14:56:50 +0300] Otto Kekäläinen <otto@debian.org>: + + * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for + the following security vulnerabilities (Closes: #920933): + - CVE-2019-2537 + - CVE-2019-2529 + * Update correct branch name in gbp.conf + * Disable test unit.pcre_test on s390x that was failing in stretch-security + (Closes: #920854) + * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary + build failures less likely in lifetime of Stretch. + * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) + * Extend the server README to clarify common misunderstandings + (Closes: #878215) + * Enable ccache in CMake path so it can be used automatically where available + * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. + This ensures uploads to Stretch are much more safer to do now than in the + past. + 10.1.37-0+deb9u1 [Wed, 08 Aug 2018 19:32:41 +0300] Otto Kekäläinen <otto@debian.org>: * SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for - the following security vulnerabilities (Closes: #912848); + the following security vulnerabilities (Closes: #912848): - CVE-2018-3282 - CVE-2018-3251 - CVE-2018-3174 @@ -14,6 +33,9 @@ * Physically remove patches no longer in series and not applied anyway * Fix wrong-path-for-interpreter in innotop script to make package Lintian error free as pass CI systems fully + * Previous upstream version 10.1.36 included fixes for the following + security vulnerabilities: + - CVE-2019-2503 * Previous upstream version 10.1.35 included fixes for the following security vulnerabilities: - CVE-2018-3066 <http://10.200.17.11/4.3-4/#8276844549449548383>
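Review bot: In the first hunk, the new 10.1.38-0+deb9u1 entry carries more than the two CVE fixes: it also disables unit.pcre_test on s390x and limits the build test suite to 'main', both of which reduce what is exercised at build time for a security upload. The bug description names only CVE-2019-2529 and CVE-2019-2537, so check whether the erratum text should mention these packaging changes as well. Minor wording in the last bullet of the entry: "much more safer" should read "much safer".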
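Review bot: The second hunk adds CVE-2019-2503 to the existing 10.1.37-0+deb9u1 entry dated 08 Aug 2018, attributing the fix to upstream 10.1.36. That CVE is not in this bug's description, which names only CVE-2019-2529 and CVE-2019-2537. Please confirm whether the erratum issued for the 10.1.37 update should be amended to reference CVE-2019-2503, since the changelog now says systems on 10.1.37 already carry that fix.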
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
     Plugins do not properly cleanup themselves from DB on uninstall

[4.3-4] 5d52f753c8 Bug #49362: mariadb-10.1 10.1.38-0+deb9u1
 doc/errata/staging/mariadb-10.1.yaml | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

[4.3-4] 4bd66ebe26 Bug #49362: mariadb-10.1 10.1.38-0+deb9u1
 doc/errata/staging/mariadb-10.1.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<http://errata.software-univention.de/ucs/4.3/489.html>