[SUSE-SU-2017:0412-1] Security update for mariadb

Severity Important

Affected Packages 53

CVEs 11

Security update for mariadb

This mariadb version update to 10.0.29 fixes the following issues:

CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896)
CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894)
CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)
CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884)
CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885)
CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875)
CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878)
CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877)
CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891)
CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882)
CVE-2016-6664: Root Privilege Escalation (bsc#1008253)
Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428)
notable changes:
- XtraDB updated to 5.6.34-79.1
- TokuDB updated to 5.6.34-79.1
- Innodb updated to 5.6.35
- Performance Schema updated to 5.6.35

Release notes and changelog:
* https://kb.askmonty.org/en/mariadb-10029-release-notes
* https://kb.askmonty.org/en/mariadb-10029-changelog

Package	Affected Version
pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb?arch=aarch64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-tools?arch=aarch64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-errormessages?arch=aarch64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/mariadb-client?arch=aarch64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18?arch=aarch64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=1	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=2	< 10.0.29-22.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=1	< 10.0.29-22.1

ID

SUSE-SU-2017:0412-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2017/suse-su-20170412-1/

Published

2017-02-07T12:33:36
(7 years ago)

Modified

2017-02-07T12:33:36
(7 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0412-1.json
Suse	URL for SUSE-SU-2017:0412-1	https://www.suse.com/support/update/announcement/2017/suse-su-20170412-1/
Suse	E-Mail link for SUSE-SU-2017:0412-1	https://lists.suse.com/pipermail/sle-security-updates/2017-February/002629.html
Bugzilla	SUSE Bug 1008253	https://bugzilla.suse.com/1008253
Bugzilla	SUSE Bug 1020868	https://bugzilla.suse.com/1020868
Bugzilla	SUSE Bug 1020873	https://bugzilla.suse.com/1020873
Bugzilla	SUSE Bug 1020875	https://bugzilla.suse.com/1020875
Bugzilla	SUSE Bug 1020877	https://bugzilla.suse.com/1020877
Bugzilla	SUSE Bug 1020878	https://bugzilla.suse.com/1020878
Bugzilla	SUSE Bug 1020882	https://bugzilla.suse.com/1020882
Bugzilla	SUSE Bug 1020884	https://bugzilla.suse.com/1020884
Bugzilla	SUSE Bug 1020885	https://bugzilla.suse.com/1020885
Bugzilla	SUSE Bug 1020891	https://bugzilla.suse.com/1020891
Bugzilla	SUSE Bug 1020894	https://bugzilla.suse.com/1020894
Bugzilla	SUSE Bug 1020896	https://bugzilla.suse.com/1020896
Bugzilla	SUSE Bug 1022428	https://bugzilla.suse.com/1022428
CVE	SUSE CVE CVE-2016-6664 page	https://www.suse.com/security/cve/CVE-2016-6664/
CVE	SUSE CVE CVE-2017-3238 page	https://www.suse.com/security/cve/CVE-2017-3238/
CVE	SUSE CVE CVE-2017-3243 page	https://www.suse.com/security/cve/CVE-2017-3243/
CVE	SUSE CVE CVE-2017-3244 page	https://www.suse.com/security/cve/CVE-2017-3244/
CVE	SUSE CVE CVE-2017-3257 page	https://www.suse.com/security/cve/CVE-2017-3257/
CVE	SUSE CVE CVE-2017-3258 page	https://www.suse.com/security/cve/CVE-2017-3258/
CVE	SUSE CVE CVE-2017-3265 page	https://www.suse.com/security/cve/CVE-2017-3265/
CVE	SUSE CVE CVE-2017-3291 page	https://www.suse.com/security/cve/CVE-2017-3291/
CVE	SUSE CVE CVE-2017-3312 page	https://www.suse.com/security/cve/CVE-2017-3312/
CVE	SUSE CVE CVE-2017-3317 page	https://www.suse.com/security/cve/CVE-2017-3317/
CVE	SUSE CVE CVE-2017-3318 page	https://www.suse.com/security/cve/CVE-2017-3318/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=2	suse	mariadb	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=1	suse	mariadb	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sled-12&sp=2	suse	mariadb	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sled-12&sp=1	suse	mariadb	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=2	suse	mariadb	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=1	suse	mariadb	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb?arch=aarch64&distro=sles-12&sp=2	suse	mariadb	< 10.0.29-22.1	sles-12	aarch64
Affected	pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-tools?arch=aarch64&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.29-22.1	sles-12	aarch64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sled-12&sp=2	suse	mariadb-errormessages	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sled-12&sp=1	suse	mariadb-errormessages	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-errormessages?arch=aarch64&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.29-22.1	sles-12	aarch64
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sled-12&sp=2	suse	mariadb-client	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sled-12&sp=1	suse	mariadb-client	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-client?arch=aarch64&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.29-22.1	sles-12	aarch64
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=2	suse	libmysqlclient_r18	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=1	suse	libmysqlclient_r18	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=2	suse	libmysqlclient_r18-32bit	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=1	suse	libmysqlclient_r18-32bit	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=2	suse	libmysqlclient18	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=1	suse	libmysqlclient18	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18?arch=aarch64&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.29-22.1	sles-12	aarch64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=2	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=2	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=1	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=2	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient18-32bit	< 10.0.29-22.1	sles-12	s390x

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date