security update in Fedora 28 for mariadb

Status: stable a year ago

MariaDB 10.2.17

Release notes:


CVEs fixed:

CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081

Comments 14

This update has been submitted for testing by mschorm.

hello mschorm, CVE-2018-3081 has already been fixed in the official mariadb release 10.2.15 (https://mariadb.com/kb/en/library/mariadb-10215-release-notes/). The official Release 10.2.17 fixes only5 of the 6 cves you mentioned (https://mariadb.com/kb/en/library/mariadb-10217-release-notes/). So is CVE-2018-3081 really fixed with this security update or was it already fixed? I could not find any reference to this cve in the fedora release 10.2.15 (https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea).

This update has been pushed to testing.


karma: +1

no regressions noted

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

@muench You are correct. It has been already fixed in 10.2:15, but I added it to this release. One of the reasons is, that even the upstream marked it fixed some time after release. (Maybe fixed it not knowing it was a CVE, marking it later)

I thought it would be good move to mention it atleast now, when I couldn't (or forgot to) do it with older release. Is that OK? Would you like me to change the formating somehow?

Working well.

karma: +1

@mschorm alright! I like your formatting :-) I was just concerned wether the vulnerability still exists in the fedora release 10.2.16 or not.

I tested this with my music server and it seems to work.

karma: +1

This update has been submitted for batched by mschorm.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 2
unstable threshold: -1
Autopush (karma)
Autopush (time)
submitted a year ago
in testing a year ago
in stable a year ago

Related Bugs 3

00 #1564966 CVE-2018-2767 mariadb: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all]
00 #1602428 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3081 mariadb: various flaws [fedora-all]
00 #1616261 CVE-2018-3081 mariadb-connector-c: mysql: Client programs unspecified vulnerability (CPU Jul 2018) [fedora-27]

Automated Test Results