FEDORA-2018-77e610115a created by mschorm 3 years ago for Fedora 28
stable

MariaDB 10.2.17

Release notes:

https://mariadb.com/kb/en/library/mariadb-10217-release-notes/

CVEs fixed:

CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081

How to install

sudo dnf upgrade --advisory=FEDORA-2018-77e610115a

This update has been submitted for testing by mschorm.

3 years ago

hello mschorm, CVE-2018-3081 has already been fixed in the official mariadb release 10.2.15 (https://mariadb.com/kb/en/library/mariadb-10215-release-notes/). The official Release 10.2.17 fixes only5 of the 6 cves you mentioned (https://mariadb.com/kb/en/library/mariadb-10217-release-notes/). So is CVE-2018-3081 really fixed with this security update or was it already fixed? I could not find any reference to this cve in the fedora release 10.2.15 (https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea).

This update has been pushed to testing.

3 years ago
User Icon lobocode commented & provided feedback 3 years ago
karma

works

User Icon filiperosset commented & provided feedback 3 years ago
karma

no regressions noted

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

3 years ago
User Icon imabug provided feedback 3 years ago
karma

@muench You are correct. It has been already fixed in 10.2:15, but I added it to this release. One of the reasons is, that even the upstream marked it fixed some time after release. (Maybe fixed it not knowing it was a CVE, marking it later)

I thought it would be good move to mention it atleast now, when I couldn't (or forgot to) do it with older release. Is that OK? Would you like me to change the formating somehow?

User Icon mhayden commented & provided feedback 3 years ago
karma

Working well.

@mschorm alright! I like your formatting :-) I was just concerned wether the vulnerability still exists in the fedora release 10.2.16 or not.

User Icon bowlofeggs commented & provided feedback 3 years ago
karma

I tested this with my music server and it seems to work.

This update has been submitted for batched by mschorm.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1564966 CVE-2018-2767 mariadb: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all]
0
0
BZ#1602428 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3081 mariadb: various flaws [fedora-all]
0
0
BZ#1616261 CVE-2018-3081 mariadb-connector-c: mysql: Client programs unspecified vulnerability (CPU Jul 2018) [fedora-27]
0
0

Automated Test Results