rh-mariadb100-mariadb-10.0.28-5.AXS4

エラータID: AXSA:2016-1176:03

Release date: 
Friday, December 9, 2016 - 09:09
Subject: 
rh-mariadb100-mariadb-10.0.28-5.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Severity: 
High
Description: 

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31
and earlier, and 5.7.13 and earlier allows remote authenticated users
to affect availability via vectors related to DML.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-5630
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and
5.7.13 and earlier allows remote administrators to affect availability
via vectors related to Server: InnoDB.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-6663
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb (10.0.28).

Solution: 

Update packages.

CVEs: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-5630
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Additional Info: 

N/A

Download: 

SRPMS
  1. rh-mariadb100-mariadb-10.0.28-5.AXS4.src.rpm
    MD5: 5bfb61d7c6adf25110783bfbd5c9f14d
    SHA-256: 3e48fdcc963e340cfb685a68db77f75035b5d89274a091fb31af0ed2243c8356
    Size: 55.05 MB

Asianux Server 4 for x86_64
  1. rh-mariadb100-mariadb-10.0.28-5.AXS4.x86_64.rpm
    MD5: 276c404a981b90925025fd4671cb5a9c
    SHA-256: 372b5cf3b982cf9020bc0756ed28e42bf90288880c0868698c66647f0c31b605
    Size: 6.99 MB
  2. rh-mariadb100-mariadb-bench-10.0.28-5.AXS4.x86_64.rpm
    MD5: ac4f6cc40f761fa3c1725632f749a4bd
    SHA-256: 324baf0eca88fdf434f92057cd21fd50ebbc8c660c5a80f6236a63313c262dad
    Size: 405.31 kB
  3. rh-mariadb100-mariadb-common-10.0.28-5.AXS4.x86_64.rpm
    MD5: b5588f6b72c7802dc4a30d8eeedaf8f9
    SHA-256: 6dd280f99894683097242814df29af1dda6560041121ccf4103f07957e1080f0
    Size: 70.25 kB
  4. rh-mariadb100-mariadb-config-10.0.28-5.AXS4.x86_64.rpm
    MD5: 0d8ae204db343f0a3f4513d977fcd0e3
    SHA-256: ab8030107b980c012067c0a3a4c6f07a03375cea14640a5df2774566b5501fd4
    Size: 23.02 kB
  5. rh-mariadb100-mariadb-devel-10.0.28-5.AXS4.x86_64.rpm
    MD5: 3b865b42b482c5878776e608a34434b7
    SHA-256: a095a6f8378ce960548b5e041ca5a3fedcd22fddbe73ce70345f83473b49325f
    Size: 892.37 kB
  6. rh-mariadb100-mariadb-errmsg-10.0.28-5.AXS4.x86_64.rpm
    MD5: 0a451584c4d2fbce8e1649fd79a78894
    SHA-256: a80aaa6acae1dd11165d98fdadd3fdebcdb2d10d1d58e8b2aa433772c6b98ec5
    Size: 248.79 kB
  7. rh-mariadb100-mariadb-oqgraph-engine-10.0.28-5.AXS4.x86_64.rpm
    MD5: 62883bac506b4d5e5441c57efd825bd7
    SHA-256: 012e20018d66435091b6d653502130017a72b9a99102c869225123fdf166757d
    Size: 88.70 kB
  8. rh-mariadb100-mariadb-server-10.0.28-5.AXS4.x86_64.rpm
    MD5: 0edc8dbfcf36d4e71c5aa92274da8a75
    SHA-256: 7867b14d2143efc6dbe53919a9409583f8a3840a5df0551785c3680f427c1739
    Size: 18.67 MB
  9. rh-mariadb100-mariadb-test-10.0.28-5.AXS4.x86_64.rpm
    MD5: cd0d76d0c8a0d1638db9d368191334e5
    SHA-256: 7a390f080f00cbf27f5a1f6cf2b356273cdd1bbf2d7675e94eea28af7d27964c
    Size: 10.35 MB