Scientific Linux Security Update : mariadb on SL7.x x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was found that the MariaDB client library did not
properly check host names against server identities
noted in the X.509 certificates when establishing secure
connections using TLS/SSL. A man-in-the-middle attacker
could possibly use this flaw to impersonate a server to
a client. (CVE-2016-2047)

(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,
CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836,
CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879,
CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596,
CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606,
CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es) :

- When more than one INSERT operation was executed
concurrently on a non-empty InnoDB table with an
AUTO_INCREMENT column defined as a primary key
immediately after starting MariaDB, a race condition
could occur. As a consequence, one of the concurrent
INSERT operations failed with a 'Duplicate key' error
message. A patch has been applied to prevent the race
condition. Now, each row inserted as a result of the
concurrent INSERT operations receives a unique primary
key, and the operations no longer fail in this scenario.

See also :

http://www.nessus.org/u?fd7860ea

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)