mariadb-5.5.52-1.el7

エラータID: AXSA:2016-1117:03

Release date: 
Tuesday, November 29, 2016 - 11:35
Subject: 
mariadb-5.5.52-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31
and earlier, and 5.7.13 and earlier allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-6663
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: mariadb (5.5.52).
Additional Changes:

Solution: 

Update packages.

CVEs: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Additional Info: 

N/A

Download: 

SRPMS
  1. mariadb-5.5.52-1.el7.src.rpm
    MD5: 171c2fdbc7247b8c2f6d606bc068cd37
    SHA-256: d134ad04267a8bf46256931a877d35e5b35e2e99c7afbefbbe9a0de3edfc3f84
    Size: 38.94 MB

Asianux Server 7 for x86_64
  1. mariadb-5.5.52-1.el7.x86_64.rpm
    MD5: 30eb8b6b66fa8ef96d0ad7927fc451d7
    SHA-256: eb3fa0d0b5f978b596f3995c308c7ae2da792af342ac3fd1000fc640dbc46465
    Size: 8.64 MB
  2. mariadb-bench-5.5.52-1.el7.x86_64.rpm
    MD5: f3e2bb40966d84e065811250f9457a25
    SHA-256: 90123baa66bd41e4815e1f81386a2ca37bc6e3758cdeb01fdd08428f44da9857
    Size: 385.66 kB
  3. mariadb-devel-5.5.52-1.el7.x86_64.rpm
    MD5: 67ac569000572748802b1fec6b2fc243
    SHA-256: 8b7d4e40bd8f6361608bd765f7f8586d43eecc97c869c000c68013611df4a654
    Size: 749.39 kB
  4. mariadb-libs-5.5.52-1.el7.x86_64.rpm
    MD5: 647713fd5ec22127d0c807dd07058b13
    SHA-256: 328f5967cff7ab65d74cc5c29682cd61cfb36d95fca4ec6b866a17f747d35273
    Size: 760.23 kB
  5. mariadb-server-5.5.52-1.el7.x86_64.rpm
    MD5: 8d4e7f74184da4025527e629b7178a89
    SHA-256: 25115a9934928ba93474c40695ab45053cde8134bb71cb19fedde881e13c420f
    Size: 10.74 MB
  6. mariadb-test-5.5.52-1.el7.x86_64.rpm
    MD5: e4428b36ccda9e852b608639a7043f0f
    SHA-256: 6a4c2f8c19aa8427280057ac0a9c57cbd6c5ded078b3b6cd8617d9314aeb9623
    Size: 8.06 MB
  7. mariadb-devel-5.5.52-1.el7.i686.rpm
    MD5: e14d322ca24ae5d8f9a6bf1106a4ae7e
    SHA-256: a2e3a1e399efaa8fd5747cf0abfc7a563cef691c6bb70528ccef17741a77af6a
    Size: 749.43 kB
  8. mariadb-libs-5.5.52-1.el7.i686.rpm
    MD5: 190061f2aa696740ce4b0d5173371eb7
    SHA-256: 3094f420f09baf6a4ad22ef9916cb2018120dae276c36410b1686c4e873edee1
    Size: 758.85 kB