rh-mariadb101-mariadb-10.1.19-6.AXS4

エラータID: AXSA:2017-1288:01

リリース日: 
2017/02/06 Monday - 22:16
題名: 
rh-mariadb101-mariadb-10.1.19-6.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Severity: 
High
Description: 

MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

Security issues fixed with this release:

CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Optimizer.
CVE-2016-5616
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows local users to affect
confidentiality, integrity, and availability via vectors related to
Server: MyISAM.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows
remote authenticated users to affect availability via vectors related
to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote administrators to
affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through
5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x
before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before
5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create
arbitrary configurations and bypass certain protection mechanisms by
setting general_log_file to a my.cnf configuration. NOTE: this can be
leveraged to execute arbitrary code with root privileges by setting
malloc_lib.
CVE-2016-6663
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
and earlier, and 5.7.14 and earlier allows remote authenticated users
to affect availability via vectors related to Server: Types.

The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb (10.1.19).

解決策: 

Update packages.

CVE: 
CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-5616
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVE-2016-5626
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-8283
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rh-mariadb101-mariadb-10.1.19-6.AXS4.src.rpm
    MD5: 5229ad5b8af1574ea1843e7c25dd60ad
    SHA-256: f2b4cc6e754f3bf7a43186eaa2b4da74ea5675c88172ce324c122c58fcf843c1
    Size: 53.07 MB

Asianux Server 4 for x86_64
  1. rh-mariadb101-mariadb-10.1.19-6.AXS4.x86_64.rpm
    MD5: 344267d3526de3904d5eaaa3041ba523
    SHA-256: 03a7d22f03f67297997494b30807e85ea51a596add3b57be05fe77d5c73bebed
    Size: 7.07 MB
  2. rh-mariadb101-mariadb-bench-10.1.19-6.AXS4.x86_64.rpm
    MD5: 383c1b6e5795bc6af38a73966d539f90
    SHA-256: 2e3bbc2c506503d7b236cc8c59c2b5e5d11a2973690d1476cbe0b514e0608dc1
    Size: 406.02 kB
  3. rh-mariadb101-mariadb-common-10.1.19-6.AXS4.x86_64.rpm
    MD5: 77fd41dd7b1c6b3d163806d66efc6311
    SHA-256: 366cf195f8af3448fbeca334201361f37dfd3d4c9578d8c8b58c3e27ba6ac6a6
    Size: 59.39 kB
  4. rh-mariadb101-mariadb-config-10.1.19-6.AXS4.x86_64.rpm
    MD5: e2647aed449fe1ef37d76a792e9cf61e
    SHA-256: 3f76212394c773913198d6cbddefce04da1f608cda32a9bdc993a2d79c4bc40c
    Size: 24.27 kB
  5. rh-mariadb101-mariadb-devel-10.1.19-6.AXS4.x86_64.rpm
    MD5: 5b8d30387ce40590bf2c68cfd91cecb5
    SHA-256: a259df53ee5fa2d6a8dd4f7eabb002b3ac917b4d0759e7d0f9b6a26a2d6518cc
    Size: 936.31 kB
  6. rh-mariadb101-mariadb-errmsg-10.1.19-6.AXS4.x86_64.rpm
    MD5: 03ee44999c0ece1047af0e99a69f23c1
    SHA-256: da59ffddc772a6b00bbf08af17a96b1422e2d1dbe6391f101caef90d9ba0e07f
    Size: 250.46 kB
  7. rh-mariadb101-mariadb-oqgraph-engine-10.1.19-6.AXS4.x86_64.rpm
    MD5: 4987175317f0b7dc9aea493233ecd945
    SHA-256: ae86642c7e933cb546f73f5acbd07a0e810b94eb4d39aa313a2791375c32d702
    Size: 89.45 kB
  8. rh-mariadb101-mariadb-server-10.1.19-6.AXS4.x86_64.rpm
    MD5: 259619fc91021ee62dbdc72acba5d8a9
    SHA-256: f0c0d37c7d02c64d3e4cb2e984b98b87a8cec9c61e71f24943c12ccd1e4a78c9
    Size: 19.42 MB
  9. rh-mariadb101-mariadb-server-galera-10.1.19-6.AXS4.x86_64.rpm
    MD5: b0720e5245409fb8dee17c2ac58b8aac
    SHA-256: a1d5bdbfc9bee927f02654437e672064cc403116d2eb1d62b232b24339f44382
    Size: 37.95 kB
  10. rh-mariadb101-mariadb-test-10.1.19-6.AXS4.x86_64.rpm
    MD5: 6f2773efc7a1abe6b752159463a25e4b
    SHA-256: 82dcb2a6939601a3c79f4c57a1c5e939f6f9e2bfdfd7a6f74c43fa3cd4ea6c1b
    Size: 11.14 MB