mariadb-5.5.47-1.el7

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2015-4792
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Partition, a
different vulnerability than CVE-2015-4802.
CVE-2015-4802
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Partition, a
different vulnerability than CVE-2015-4792.
CVE-2015-4815
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via vectors related to Server : DDL.
CVE-2015-4816
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB.
CVE-2015-4819
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier,
and 5.6.25 and earlier, allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Client
programs.
CVE-2015-4826
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Types.
CVE-2015-4830
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
integrity via unknown vectors related to Server : Security :
Privileges.
CVE-2015-4836
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : SP.
CVE-2015-4858
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via vectors related to DML, a different vulnerability
than CVE-2015-4913.
CVE-2015-4861
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : InnoDB.
CVE-2015-4870
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Parser.
CVE-2015-4879
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier,
and 5.6.25 and earlier, allows remote authenticated users to affect
confidentiality, integrity, and availability via vectors related to
DML.
CVE-2015-4913
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via vectors related to Server : DML, a different
vulnerability than CVE-2015-4858.
CVE-2016-0505
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to Options.
CVE-2016-0546
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Client.
CVE-2016-0596
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and
5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23,
and 10.1.x before 10.1.10 allows remote authenticated users to affect
availability via vectors related to DML.
CVE-2016-0597
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to Optimizer.
CVE-2016-0598
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-0600
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to InnoDB.
CVE-2016-0606
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect integrity via unknown vectors related to encryption.
CVE-2016-0608
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via vectors related to UDF.
CVE-2016-0609
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to privileges.
CVE-2016-0616
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and
MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before
10.1.10 allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB
before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10,
Oracle MySQL, and Percona Server do not properly verify that the
server hostname matches a domain name in the subject's Common Name
(CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof SSL servers via a "/CN=" string
in a field in a certificate, as demonstrated by
"/OU=/CN=bar.com/CN=foo.com."

The following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

Fixed bugs:

* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a "Duplicate key" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario.