mariadb55-mariadb-5.5.53-1.AXS4

エラータID: AXSA:2016-717:04

Release date: 
Tuesday, November 1, 2016 - 11:02
Subject: 
mariadb55-mariadb-5.5.53-1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Severity: 
High
Description: 

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31
and earlier, and 5.7.13 and earlier allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-6663
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: mariadb55-mariadb (5.5.53).

Solution: 

Update packages.

CVEs: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Additional Info: 

N/A

Download: 

SRPMS
  1. mariadb55-mariadb-5.5.53-1.AXS4.src.rpm
    MD5: 5e6230f83bd89342c3e4cb4d41ef619e
    SHA-256: f7b66a91130ecf29423da091605794389e9ae267b871662eca0d8fed516a3d12
    Size: 38.92 MB

Asianux Server 4 for x86_64
  1. mariadb55-mariadb-5.5.53-1.AXS4.x86_64.rpm
    MD5: 14978fff1be0d203c34272367faec763
    SHA-256: 4f7b3fba8df98f6a7506a521d70c3b704f7ba49aa1f7b70477e1683d487f2fbe
    Size: 10.51 MB
  2. mariadb55-mariadb-bench-5.5.53-1.AXS4.x86_64.rpm
    MD5: b70c9e91a2a9915f5b6c8ebd638aa88b
    SHA-256: c2f7e6f3cd76c96d5072138d1600e9afaf952199d6a8994fa0586bd6a515ca61
    Size: 392.75 kB
  3. mariadb55-mariadb-devel-5.5.53-1.AXS4.x86_64.rpm
    MD5: 92720a9db51ba4c273fbc3906c051fd2
    SHA-256: fe6ac067894f674691fa15f97e21f019d8552a6a764d0538f08ef92509a5fd7a
    Size: 761.94 kB
  4. mariadb55-mariadb-libs-5.5.53-1.AXS4.x86_64.rpm
    MD5: e155542e380acddb007e4188aa3d57ba
    SHA-256: 0618da9c58d501dcb8f911bea41d327d1e073376978d45bcbad6824c1606df33
    Size: 204.48 kB
  5. mariadb55-mariadb-server-5.5.53-1.AXS4.x86_64.rpm
    MD5: 3ae2e5ca34c47ff35a31c41c5cc95a0f
    SHA-256: 86b141d0ddef396cdbb221a339cc080533f26d9f8be96cca9b614f25b1ac8b4a
    Size: 12.67 MB
  6. mariadb55-mariadb-test-5.5.53-1.AXS4.x86_64.rpm
    MD5: d0657cb9c456c8aac1905f063c14759f
    SHA-256: 9eb144343893d4400d24ee3b63ae8b00b12e57cb2fe6f513250702d01d6e165f
    Size: 8.87 MB