Описание
ELSA-2017-2192: mariadb security and bug fix update (MODERATE)
[1:5.5.56-2]
- Do not fix context and change owner if run by root in mariadb-prepare-db-dir Related: #1458940
- Check properly that datadir includes only expected files Related: #1356897
[1:5.5.56-1]
- Rebase to 5.5.56 That release also fixes the following security issues: CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 Resolves: #1458933 New deps required by upstream: checkpolicy and policycoreutils-python License text removed by upstream: COPYING.LESSER Do not ignore test-suite failure Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265 Resolves: #1458940
[5.5.52-2]
-
Extension of mariadb-prepare-db-dir script
-
Resolves: #1356897
-
Rebase to 5.5.52, that also include fix for CVE-2016-6662 Resolves: #1377974
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
mariadb
5.5.56-2.el7
mariadb-bench
5.5.56-2.el7
mariadb-devel
5.5.56-2.el7
mariadb-embedded
5.5.56-2.el7
mariadb-embedded-devel
5.5.56-2.el7
mariadb-libs
5.5.56-2.el7
mariadb-server
5.5.56-2.el7
mariadb-test
5.5.56-2.el7
Oracle Linux x86_64
mariadb
5.5.56-2.el7
mariadb-bench
5.5.56-2.el7
mariadb-devel
5.5.56-2.el7
mariadb-embedded
5.5.56-2.el7
mariadb-embedded-devel
5.5.56-2.el7
mariadb-libs
5.5.56-2.el7
mariadb-server
5.5.56-2.el7
mariadb-test
5.5.56-2.el7
Ссылки на источники
Связанные уязвимости
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).