FEDORA-2018-77e610115a

security update in Fedora 28 for mariadb

Status: stable 9 months ago

MariaDB 10.2.17

Release notes:

https://mariadb.com/kb/en/library/mariadb-10217-release-notes/

CVEs fixed:

CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081

How to install

sudo dnf upgrade --advisory=FEDORA-2018-77e610115a

Comments 14

This update has been submitted for testing by mschorm.

hello mschorm, CVE-2018-3081 has already been fixed in the official mariadb release 10.2.15 (https://mariadb.com/kb/en/library/mariadb-10215-release-notes/). The official Release 10.2.17 fixes only5 of the 6 cves you mentioned (https://mariadb.com/kb/en/library/mariadb-10217-release-notes/). So is CVE-2018-3081 really fixed with this security update or was it already fixed? I could not find any reference to this cve in the fedora release 10.2.15 (https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea).

This update has been pushed to testing.

no regressions noted

karma: +1

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

@muench You are correct. It has been already fixed in 10.2:15, but I added it to this release. One of the reasons is, that even the upstream marked it fixed some time after release. (Maybe fixed it not knowing it was a CVE, marking it later)

I thought it would be good move to mention it atleast now, when I couldn't (or forgot to) do it with older release. Is that OK? Would you like me to change the formating somehow?

Working well.

karma: +1

@mschorm alright! I like your formatting :-) I was just concerned wether the vulnerability still exists in the fedora release 10.2.16 or not.

I tested this with my music server and it seems to work.

karma: +1

This update has been submitted for batched by mschorm.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1564966 CVE-2018-2767 mariadb: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all]
#1602428 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3081 mariadb: various flaws [fedora-all]
#1616261 CVE-2018-3081 mariadb-connector-c: mysql: Client programs unspecified vulnerability (CPU Jul 2018) [fedora-27]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+5
stable threshold: 2
unstable threshold: -1
Autopush
Disabled
Dates
submitted 9 months ago
in testing 9 months ago
in stable 9 months ago

Related Bugs 3

00 #1564966 CVE-2018-2767 mariadb: mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) [fedora-all]
00 #1602428 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3081 mariadb: various flaws [fedora-all]
00 #1616261 CVE-2018-3081 mariadb-connector-c: mysql: Client programs unspecified vulnerability (CPU Jul 2018) [fedora-27]

Automated Test Results