Moderate CentOS mariadb Security Update

Metadata

high
7.2
mariadb-5.5.47-1.el7_2.src.rpm, mariadb-5.5.47-1.el7_2.x86_64.rpm, mariadb-bench-5.5.47-1.el7_2.x86_64.rpm, mariadb-devel-5.5.47-1.el7_2.i686.rpm, mariadb-devel-5.5.47-1.el7_2.x86_64.rpm, mariadb-embedded-5.5.47-1.el7_2.i686.rpm, mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm, mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm, mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm, mariadb-libs-5.5.47-1.el7_2.i686.rpm, mariadb-libs-5.5.47-1.el7_2.x86_64.rpm, mariadb-server-5.5.47-1.el7_2.x86_64.rpm, mariadb-test-5.5.47-1.el7_2.x86_64.rpm
CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0642, CVE-2016-0651, CVE-2016-2047, CVE-2016-3471
rhn.redhat.com, lists.centos.org
2016-03-31
2017-07-27 19:10
ALAS-2016-684
ALAS-2016-701
ALAS-2016-738
Moderate CentOS mysql55-mysql Security Update
CVE-2016-3471 mysql-5.5
CVE-2016-3471 mysql-5.6
CVE-2015-4858 mysql-5.5
CVE-2015-4830 mysql-5.6
CVE-2016-2047 mariadb-10.0
CVE-2015-4819 mariadb-10.0
CVE-2015-4836 mariadb-10.0
CVE-2016-0608 mysql-5.6
CVE-2015-4816 mysql-5.5
CVE-2015-4819 mysql-5.5
CVE-2016-0597 mysql-5.6
CVE-2016-0597 mysql-5.5
CVE-2015-4802 mysql-5.5
CVE-2016-0651 mysql-5.5
CVE-2016-0597 mariadb-10.0
CVE-2015-4802 mariadb-10.0
CVE-2016-0608 mariadb-10.0
CVE-2015-4792 mariadb-10.0
CVE-2015-4861 mysql-5.5
CVE-2016-0600 mysql-5.5
CVE-2015-4913 mariadb-10.0
CVE-2015-4879 mysql-5.5
CVE-2015-4830 mysql-5.5
CVE-2015-4870 mysql-5.5
CVE-2016-0598 mysql-5.5
CVE-2016-0609 mysql-5.6
CVE-2016-0505 mysql-5.5
CVE-2016-0606 mariadb-10.0
CVE-2016-2047 mysql-5.5
CVE-2016-0616 mariadb-10.0
CVE-2016-0546 mysql-5.6
CVE-2015-4913 mysql-5.5
CVE-2015-4816 mariadb-10.0
CVE-2016-0616 mysql-5.5
CVE-2016-0606 mysql-5.5
CVE-2016-0642 mysql-5.5
CVE-2015-4792 mysql-5.5
CVE-2015-4826 mysql-5.5
CVE-2016-0608 mysql-5.5
CVE-2015-4815 mariadb-10.0
CVE-2016-0609 mariadb-10.0
CVE-2015-4836 mysql-5.6
CVE-2015-4830 mariadb-10.0
CVE-2016-0546 mysql-5.5
CVE-2016-0546 mariadb-10.0
CVE-2015-4836 mysql-5.5
CVE-2015-4815 mysql-5.5
CVE-2016-2047 mysql-5.6
CVE-2015-4815 mysql-5.6
CVE-2015-4819 mysql-5.6
CVE-2016-0651 mysql-5.6
CVE-2015-4861 mariadb-10.0
CVE-2016-0642 mysql-5.6
CVE-2016-0642 mariadb-10.0
CVE-2016-0600 mariadb-10.0
CVE-2015-4870 mysql-5.6
CVE-2015-4816 mysql-5.6
CVE-2016-0616 mysql-5.6
CVE-2015-4858 mysql-5.6
CVE-2016-0651 mariadb-10.0
CVE-2016-0505 mariadb-10.0
CVE-2015-4826 mariadb-10.0
CVE-2016-0596 mariadb-10.0
CVE-2015-4870 mariadb-10.0
CVE-2016-0598 mariadb-10.0
CVE-2015-4858 mariadb-10.0
CVE-2015-4879 mariadb-10.0
CVE-2016-3471 mariadb-10.0
CVE-2015-4861 mysql-5.6
CVE-2015-4879 mysql-5.6
CVE-2016-0596 mysql-5.5
CVE-2016-0609 mysql-5.5
CVE-2016-0505 mysql-5.6
CVE-2015-4792 mysql-5.6
CVE-2016-0600 mysql-5.6
CVE-2015-4826 mysql-5.6
CVE-2016-0598 mysql-5.6
CVE-2016-0596 mysql-5.6
CVE-2015-4913 mysql-5.6
CVE-2016-0606 mysql-5.6
CVE-2015-4802 mysql-5.6
2017-04-01 19:09
2017-01-05 20:14

Description


An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

Security Fix(es):

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es):

* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a "Duplicate key" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.


Affected package information

| Release | Package | Patched in |
|---|---|---|
| 7 | mariadb | mariadb-5.5.47-1.el7_2.src.rpm |
| 7 | mariadb | mariadb-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-bench | mariadb-bench-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-devel | mariadb-devel-5.5.47-1.el7_2.i686.rpm |
| 7 | mariadb-devel | mariadb-devel-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-embedded | mariadb-embedded-5.5.47-1.el7_2.i686.rpm |
| 7 | mariadb-embedded | mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-embedded-devel | mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm |
| 7 | mariadb-embedded-devel | mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-libs | mariadb-libs-5.5.47-1.el7_2.i686.rpm |
| 7 | mariadb-libs | mariadb-libs-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-server | mariadb-server-5.5.47-1.el7_2.x86_64.rpm |
| 7 | mariadb-test | mariadb-test-5.5.47-1.el7_2.x86_64.rpm |
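
To check a host against the patched version in the table above, the installed package versions have to be compared the way rpm compares them, segment by segment rather than as plain strings. The following is an added example, not code from the advisory or from Appcanary. It implements a simplified form of rpm's version comparison (no epoch, `~` or `^` handling, so it assumes all packages share the same epoch), and the installed-package list is constructed sample data.

```python
import re

# Patched version and release, taken from the advisory's package table.
PATCHED = ("5.5.47", "1.el7_2")

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm version compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 9 < 47
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'mariadb-libs-5.5.47-1.el7_2' -> ('mariadb-libs', '5.5.47', '1.el7_2')"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(nvr):
    _, version, release = split_nvr(nvr)
    c = rpmvercmp(version, PATCHED[0])
    if c == 0:
        c = rpmvercmp(release, PATCHED[1])
    return c >= 0

def unpatched(installed):
    """Return the mariadb packages older than the advisory's patched build."""
    return [p for p in installed
            if p.startswith("mariadb") and not is_patched(p)]

# Constructed sample, in the format printed by:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' 'mariadb*'
SAMPLE_INSTALLED = [
    "mariadb-libs-5.5.44-2.el7.centos",   # older version
    "mariadb-server-5.5.47-1.el7_2",      # exactly the patched build
    "mariadb-5.5.52-1.el7",               # newer version
    "mariadb-devel-5.5.47-0.el7",         # same version, older release
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE_INSTALLED):
        print("needs update:", pkg)
```
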