rh-mariadb101-mariadb-10.1.19-6.el7

エラータID: AXSA:2016-1178:02

リリース日: 
2016/12/09 Friday - 10:11
題名: 
rh-mariadb101-mariadb-10.1.19-6.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-6663
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.19).

解決策: 

Update packages.

CVE: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rh-mariadb101-mariadb-10.1.19-6.el7.src.rpm
    MD5: 19b9b1555333d9779e0c73ac3fff7a5d
    SHA-256: 706e920bb725c6902c72c76996d6d77df006537b7d051e7339aecda75fcc8be2
    Size: 53.07 MB

Asianux Server 7 for x86_64
  1. rh-mariadb101-mariadb-10.1.19-6.el7.x86_64.rpm
    MD5: 250fb5784c924e4e5220320bb47a97b6
    SHA-256: c37197c16ee033aae014d350574ecfe9193da58a00b497ad32ec0785eb67757b
    Size: 6.21 MB
  2. rh-mariadb101-mariadb-bench-10.1.19-6.el7.x86_64.rpm
    MD5: 4d6c7760997401294a8683bf1735c73d
    SHA-256: ae53f0ec1f7a1609c40dc7b70678e40f34c598f393e6911408e6c2455127485c
    Size: 396.53 kB
  3. rh-mariadb101-mariadb-common-10.1.19-6.el7.x86_64.rpm
    MD5: b0df2e521cf4714f696e054ea8e7e196
    SHA-256: a89478c7a4f53b676d46f56aa798029ee6b5e77851572b43340eeae5b319c660
    Size: 62.05 kB
  4. rh-mariadb101-mariadb-config-10.1.19-6.el7.x86_64.rpm
    MD5: 8a58f0ebf0de84c2e32681ff2ec19010
    SHA-256: 62428f9722ebe3042a58d7b07c79a39332e4e74de2949b5ef0d762c2012b8be2
    Size: 24.61 kB
  5. rh-mariadb101-mariadb-devel-10.1.19-6.el7.x86_64.rpm
    MD5: 9a4ffc8e1f248a0fbc67a222d44cf4f4
    SHA-256: 015cba49878efce06a8534657318b51bc5dd71c0df1d698bcb6a50687a13b8fd
    Size: 918.79 kB
  6. rh-mariadb101-mariadb-errmsg-10.1.19-6.el7.x86_64.rpm
    MD5: b2080faa3964e2d9be461b7f7388aacb
    SHA-256: 0ad778d2780a5d9337f5ed4bed29c6e20293e3efeec87410132d9ff84e4f379a
    Size: 199.47 kB
  7. rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.el7.x86_64.rpm
    MD5: b0c3a131e4e2b81f9c9f02e61c13272c
    SHA-256: d77e8b2bae8f5f8ab020ddc536fef4aca305c9f89c27169baad434e913759ccd
    Size: 88.24 kB
  8. rh-mariadb101-mariadb-server-10.1.19-6.el7.x86_64.rpm
    MD5: 0e802601c372eb57da9b5e2a1b188ac5
    SHA-256: 8971df6e35831dac8e49f3dfe5aa2a5996aa54ca3089511d68f18bcd5daf04d6
    Size: 17.91 MB
  9. rh-mariadb101-mariadb-test-10.1.19-6.el7.x86_64.rpm
    MD5: cbd0c58a5da3f1efd4c602924037096e
    SHA-256: c033ed9968f9f44eeeb8e49ce03c4c05c3823b15ba00cb88b203654cf611b185
    Size: 21.60 MB