[SUSE-SU-2018:4211-1] Security update for mariadb

Severity Important

Affected Packages 15

CVEs 10

Security update for mariadb

This update for mariadb fixes the following issues:

Update to MariaDB 10.0.37 GA (bsc#1116686).

Security issues fixed:

CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)
CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)

Non-security changes:

Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency)

Release notes and changelog:

Package	Affected Version
pkg:rpm/suse/mariadb-100-errormessages?arch=x86_64&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/mariadb-100-errormessages?arch=x86_64&distro=sled-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/mariadb-100-errormessages?arch=s390x&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/mariadb-100-errormessages?arch=ppc64le&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/mariadb-100-errormessages?arch=aarch64&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18?arch=aarch64&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=4	< 10.0.37-2.3.1
pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=4	< 10.0.37-2.3.1

ID

SUSE-SU-2018:4211-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2018/suse-su-20184211-1/

Published

2018-12-20T21:06:44
(5 years ago)

Modified

2018-12-20T21:06:44
(5 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4211-1.json
Suse	URL for SUSE-SU-2018:4211-1	https://www.suse.com/support/update/announcement/2018/suse-su-20184211-1/
Suse	E-Mail link for SUSE-SU-2018:4211-1	https://lists.suse.com/pipermail/sle-security-updates/2018-December/004993.html
Bugzilla	SUSE Bug 1013882	https://bugzilla.suse.com/1013882
Bugzilla	SUSE Bug 1101676	https://bugzilla.suse.com/1101676
Bugzilla	SUSE Bug 1101677	https://bugzilla.suse.com/1101677
Bugzilla	SUSE Bug 1101678	https://bugzilla.suse.com/1101678
Bugzilla	SUSE Bug 1103342	https://bugzilla.suse.com/1103342
Bugzilla	SUSE Bug 1112368	https://bugzilla.suse.com/1112368
Bugzilla	SUSE Bug 1112397	https://bugzilla.suse.com/1112397
Bugzilla	SUSE Bug 1112417	https://bugzilla.suse.com/1112417
Bugzilla	SUSE Bug 1112421	https://bugzilla.suse.com/1112421
Bugzilla	SUSE Bug 1112432	https://bugzilla.suse.com/1112432
Bugzilla	SUSE Bug 1116686	https://bugzilla.suse.com/1116686
Bugzilla	SUSE Bug 1118754	https://bugzilla.suse.com/1118754
CVE	SUSE CVE CVE-2016-9843 page	https://www.suse.com/security/cve/CVE-2016-9843/
CVE	SUSE CVE CVE-2018-3058 page	https://www.suse.com/security/cve/CVE-2018-3058/
CVE	SUSE CVE CVE-2018-3063 page	https://www.suse.com/security/cve/CVE-2018-3063/
CVE	SUSE CVE CVE-2018-3064 page	https://www.suse.com/security/cve/CVE-2018-3064/
CVE	SUSE CVE CVE-2018-3066 page	https://www.suse.com/security/cve/CVE-2018-3066/
CVE	SUSE CVE CVE-2018-3143 page	https://www.suse.com/security/cve/CVE-2018-3143/
CVE	SUSE CVE CVE-2018-3156 page	https://www.suse.com/security/cve/CVE-2018-3156/
CVE	SUSE CVE CVE-2018-3174 page	https://www.suse.com/security/cve/CVE-2018-3174/
CVE	SUSE CVE CVE-2018-3251 page	https://www.suse.com/security/cve/CVE-2018-3251/
CVE	SUSE CVE CVE-2018-3282 page	https://www.suse.com/security/cve/CVE-2018-3282/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/mariadb-100-errormessages?arch=x86_64&distro=sles-12&sp=4	suse	mariadb-100-errormessages	< 10.0.37-2.3.1	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-100-errormessages?arch=x86_64&distro=sled-12&sp=4	suse	mariadb-100-errormessages	< 10.0.37-2.3.1	sled-12	x86_64
Affected	pkg:rpm/suse/mariadb-100-errormessages?arch=s390x&distro=sles-12&sp=4	suse	mariadb-100-errormessages	< 10.0.37-2.3.1	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-100-errormessages?arch=ppc64le&distro=sles-12&sp=4	suse	mariadb-100-errormessages	< 10.0.37-2.3.1	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-100-errormessages?arch=aarch64&distro=sles-12&sp=4	suse	mariadb-100-errormessages	< 10.0.37-2.3.1	sles-12	aarch64
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sled-12&sp=4	suse	libmysqlclient_r18	< 10.0.37-2.3.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient_r18-32bit?arch=x86_64&distro=sled-12&sp=4	suse	libmysqlclient_r18-32bit	< 10.0.37-2.3.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=4	suse	libmysqlclient18	< 10.0.37-2.3.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sled-12&sp=4	suse	libmysqlclient18	< 10.0.37-2.3.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=4	suse	libmysqlclient18	< 10.0.37-2.3.1	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=4	suse	libmysqlclient18	< 10.0.37-2.3.1	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18?arch=aarch64&distro=sles-12&sp=4	suse	libmysqlclient18	< 10.0.37-2.3.1	sles-12	aarch64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=4	suse	libmysqlclient18-32bit	< 10.0.37-2.3.1	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sled-12&sp=4	suse	libmysqlclient18-32bit	< 10.0.37-2.3.1	sled-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=4	suse	libmysqlclient18-32bit	< 10.0.37-2.3.1	sles-12	s390x

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date