openSUSE Security Update : mariadb (openSUSE-2017-257)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This mariadb version update to 10.0.29 fixes the following issues :

- CVE-2017-3318: unspecified vulnerability affecting Error
Handling (bsc#1020896)

- CVE-2017-3317: unspecified vulnerability affecting
Logging (bsc#1020894)

- CVE-2017-3312: insecure error log file handling in
mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873)

- CVE-2017-3291: unrestricted mysqld_safe's ledir
(bsc#1020884)

- CVE-2017-3265: unsafe chmod/chown use in init script
(bsc#1020885)

- CVE-2017-3258: unspecified vulnerability in the DDL
component (bsc#1020875)

- CVE-2017-3257: unspecified vulnerability affecting
InnoDB (bsc#1020878)

- CVE-2017-3244: unspecified vulnerability affecing the
DML component (bsc#1020877)

- CVE-2017-3243: unspecified vulnerability affecting the
Charsets component (bsc#1020891)

- CVE-2017-3238: unspecified vulnerability affecting the
Optimizer component (bsc#1020882)

- CVE-2016-6664: Root Privilege Escalation (bsc#1008253)

- Applications using the client library for MySQL
(libmysqlclient.so) had a use-after-free issue that
could cause the applications to crash (bsc#1022428)

- notable changes :

- XtraDB updated to 5.6.34-79.1

- TokuDB updated to 5.6.34-79.1

- Innodb updated to 5.6.35

- Performance Schema updated to 5.6.35

Release notes and changelog :

- https://kb.askmonty.org/en/mariadb-10029-release-notes

- https://kb.askmonty.org/en/mariadb-10029-changelog

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1008253
https://bugzilla.opensuse.org/show_bug.cgi?id=1020868
https://bugzilla.opensuse.org/show_bug.cgi?id=1020873
https://bugzilla.opensuse.org/show_bug.cgi?id=1020875
https://bugzilla.opensuse.org/show_bug.cgi?id=1020877
https://bugzilla.opensuse.org/show_bug.cgi?id=1020878
https://bugzilla.opensuse.org/show_bug.cgi?id=1020882
https://bugzilla.opensuse.org/show_bug.cgi?id=1020884
https://bugzilla.opensuse.org/show_bug.cgi?id=1020885
https://bugzilla.opensuse.org/show_bug.cgi?id=1020891
https://bugzilla.opensuse.org/show_bug.cgi?id=1020894
https://bugzilla.opensuse.org/show_bug.cgi?id=1020896
https://bugzilla.opensuse.org/show_bug.cgi?id=1022428
https://kb.askmonty.org/en/mariadb-10029-changelog
https://kb.askmonty.org/en/mariadb-10029-release-notes

Solution :

Update the affected mariadb packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now