[SUSE-SU-2019:2048-1] Security update for mariadb

Severity Important

Affected Packages 46

CVEs 12

Security update for mariadb

This update for mariadb fixes the following issues:

Update to MariaDB 10.0.38 GA (bsc#1136037).

Security issues fixed:

CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037)
CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037)
CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)
CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)

Non-security changes:

Removed PerconaFT from the package as it has AGPL licence (bsc#1118754).
Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency).
Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
Removed 'umask 077' from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666).

Release notes and changelog:

Package	Affected Version
pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld18?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld18?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld18?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld-devel?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld-devel?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqld-devel?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient_r18?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient_r18?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=2	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient-devel?arch=x86_64&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient-devel?arch=s390x&distro=sles-12&sp=1	< 10.0.38-29.27.3
pkg:rpm/suse/libmysqlclient-devel?arch=ppc64le&distro=sles-12&sp=1	< 10.0.38-29.27.3

ID

SUSE-SU-2019:2048-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2019/suse-su-20192048-1/

Published

2019-08-05T14:09:47
(5 years ago)

Modified

2019-08-05T14:09:47
(5 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2048-1.json
Suse	URL for SUSE-SU-2019:2048-1	https://www.suse.com/support/update/announcement/2019/suse-su-20192048-1/
Suse	E-Mail link for SUSE-SU-2019:2048-1	https://lists.suse.com/pipermail/sle-security-updates/2019-August/005775.html
Bugzilla	SUSE Bug 1013882	https://bugzilla.suse.com/1013882
Bugzilla	SUSE Bug 1101676	https://bugzilla.suse.com/1101676
Bugzilla	SUSE Bug 1101677	https://bugzilla.suse.com/1101677
Bugzilla	SUSE Bug 1101678	https://bugzilla.suse.com/1101678
Bugzilla	SUSE Bug 1103342	https://bugzilla.suse.com/1103342
Bugzilla	SUSE Bug 1112368	https://bugzilla.suse.com/1112368
Bugzilla	SUSE Bug 1112397	https://bugzilla.suse.com/1112397
Bugzilla	SUSE Bug 1112417	https://bugzilla.suse.com/1112417
Bugzilla	SUSE Bug 1112421	https://bugzilla.suse.com/1112421
Bugzilla	SUSE Bug 1112432	https://bugzilla.suse.com/1112432
Bugzilla	SUSE Bug 1116686	https://bugzilla.suse.com/1116686
Bugzilla	SUSE Bug 1118754	https://bugzilla.suse.com/1118754
Bugzilla	SUSE Bug 1132666	https://bugzilla.suse.com/1132666
Bugzilla	SUSE Bug 1136037	https://bugzilla.suse.com/1136037
CVE	SUSE CVE CVE-2016-9843 page	https://www.suse.com/security/cve/CVE-2016-9843/
CVE	SUSE CVE CVE-2018-3058 page	https://www.suse.com/security/cve/CVE-2018-3058/
CVE	SUSE CVE CVE-2018-3063 page	https://www.suse.com/security/cve/CVE-2018-3063/
CVE	SUSE CVE CVE-2018-3064 page	https://www.suse.com/security/cve/CVE-2018-3064/
CVE	SUSE CVE CVE-2018-3066 page	https://www.suse.com/security/cve/CVE-2018-3066/
CVE	SUSE CVE CVE-2018-3143 page	https://www.suse.com/security/cve/CVE-2018-3143/
CVE	SUSE CVE CVE-2018-3156 page	https://www.suse.com/security/cve/CVE-2018-3156/
CVE	SUSE CVE CVE-2018-3174 page	https://www.suse.com/security/cve/CVE-2018-3174/
CVE	SUSE CVE CVE-2018-3251 page	https://www.suse.com/security/cve/CVE-2018-3251/
CVE	SUSE CVE CVE-2018-3282 page	https://www.suse.com/security/cve/CVE-2018-3282/
CVE	SUSE CVE CVE-2019-2529 page	https://www.suse.com/security/cve/CVE-2019-2529/
CVE	SUSE CVE CVE-2019-2537 page	https://www.suse.com/security/cve/CVE-2019-2537/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=2	suse	mariadb	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=x86_64&distro=sles-12&sp=1	suse	mariadb	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=2	suse	mariadb	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb?arch=s390x&distro=sles-12&sp=1	suse	mariadb	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-tools?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-tools?arch=s390x&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-tools?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-tools	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-errormessages?arch=s390x&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-errormessages?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-errormessages	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=x86_64&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-client?arch=s390x&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=2	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/mariadb-client?arch=ppc64le&distro=sles-12&sp=1	suse	mariadb-client	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqld18?arch=x86_64&distro=sles-12&sp=1	suse	libmysqld18	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqld18?arch=s390x&distro=sles-12&sp=1	suse	libmysqld18	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqld18?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqld18	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqld-devel?arch=x86_64&distro=sles-12&sp=1	suse	libmysqld-devel	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqld-devel?arch=s390x&distro=sles-12&sp=1	suse	libmysqld-devel	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqld-devel?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqld-devel	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient_r18	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient_r18	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient_r18?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqlclient_r18	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=2	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqlclient18	< 10.0.38-29.27.3	sles-12	ppc64le
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=2	suse	libmysqlclient18-32bit	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient18-32bit	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=2	suse	libmysqlclient18-32bit	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient18-32bit?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient18-32bit	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient-devel?arch=x86_64&distro=sles-12&sp=1	suse	libmysqlclient-devel	< 10.0.38-29.27.3	sles-12	x86_64
Affected	pkg:rpm/suse/libmysqlclient-devel?arch=s390x&distro=sles-12&sp=1	suse	libmysqlclient-devel	< 10.0.38-29.27.3	sles-12	s390x
Affected	pkg:rpm/suse/libmysqlclient-devel?arch=ppc64le&distro=sles-12&sp=1	suse	libmysqlclient-devel	< 10.0.38-29.27.3	sles-12	ppc64le

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date