SUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)
high Nessus Plugin ID 122664
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 5.9
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for mariadb to version 10.2.22 fixes the following issues :Security issues fixed :
CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).
CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377)
CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)
CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391)
CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)
CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404)
CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384)
CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)
CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386)
CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415)
CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)
CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)
CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)
CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)
CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges).
(bsc#1101677)
CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)
CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
Non-security issues fixed: Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027).
Fixed an issue where the lograte was not working (bsc#1112767).
Backport Information Schema CHECK_CONSTRAINTS Table.
Maximum value of table_definition_cache is now 2097152.
InnoDB ALTER TABLE fixes.
Galera crash recovery fixes.
Encryption fixes.
Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).
Maria DB testsuite - test main.plugin_auth failed (bsc#1111859)
Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858)
Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
remove PerconaFT from the package as it has AGPL licence (bsc#1118754)
Database corruption after renaming a prefix-indexed column (bsc#1120041)
Release notes and changelog:
https://mariadb.com/kb/en/library/mariadb-10222-release-notes
https://mariadb.com/kb/en/library/mariadb-10222-changelog/
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Server Applications 15:zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-555=1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-555=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1013882
https://bugzilla.suse.com/show_bug.cgi?id=1101676
https://bugzilla.suse.com/show_bug.cgi?id=1101677
https://bugzilla.suse.com/show_bug.cgi?id=1101678
https://bugzilla.suse.com/show_bug.cgi?id=1103342
https://bugzilla.suse.com/show_bug.cgi?id=1111858
https://bugzilla.suse.com/show_bug.cgi?id=1111859
https://bugzilla.suse.com/show_bug.cgi?id=1112368
https://bugzilla.suse.com/show_bug.cgi?id=1112377
https://bugzilla.suse.com/show_bug.cgi?id=1112384
https://bugzilla.suse.com/show_bug.cgi?id=1112386
https://bugzilla.suse.com/show_bug.cgi?id=1112391
https://bugzilla.suse.com/show_bug.cgi?id=1112397
https://bugzilla.suse.com/show_bug.cgi?id=1112404
https://bugzilla.suse.com/show_bug.cgi?id=1112415
https://bugzilla.suse.com/show_bug.cgi?id=1112417
https://bugzilla.suse.com/show_bug.cgi?id=1112421
https://bugzilla.suse.com/show_bug.cgi?id=1112432
https://bugzilla.suse.com/show_bug.cgi?id=1112767
https://bugzilla.suse.com/show_bug.cgi?id=1116686
https://bugzilla.suse.com/show_bug.cgi?id=1118754
https://bugzilla.suse.com/show_bug.cgi?id=1120041
https://bugzilla.suse.com/show_bug.cgi?id=1122198
https://bugzilla.suse.com/show_bug.cgi?id=1122475
https://bugzilla.suse.com/show_bug.cgi?id=1127027
https://mariadb.com/kb/en/library/mariadb-10222-changelog/
https://mariadb.com/kb/en/library/mariadb-10222-release-notes
https://www.suse.com/security/cve/CVE-2016-9843/
https://www.suse.com/security/cve/CVE-2018-3058/
https://www.suse.com/security/cve/CVE-2018-3060/
https://www.suse.com/security/cve/CVE-2018-3063/
https://www.suse.com/security/cve/CVE-2018-3064/
https://www.suse.com/security/cve/CVE-2018-3066/
https://www.suse.com/security/cve/CVE-2018-3143/
https://www.suse.com/security/cve/CVE-2018-3156/
https://www.suse.com/security/cve/CVE-2018-3162/
https://www.suse.com/security/cve/CVE-2018-3173/
https://www.suse.com/security/cve/CVE-2018-3174/
https://www.suse.com/security/cve/CVE-2018-3185/
https://www.suse.com/security/cve/CVE-2018-3200/
https://www.suse.com/security/cve/CVE-2018-3251/
https://www.suse.com/security/cve/CVE-2018-3277/
https://www.suse.com/security/cve/CVE-2018-3282/
https://www.suse.com/security/cve/CVE-2018-3284/
https://www.suse.com/security/cve/CVE-2019-2510/
Plugin Details
Severity: High
ID: 122664
File Name: suse_SU-2019-0555-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/7/2019
Updated: 1/13/2021
Dependencies: 12634
Risk Information
Risk Factor: High
VPR Score: 5.9
CVSS v2.0
Base Score: 7.5
Temporal Score: 5.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3.0
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libmysqld-devel, p-cpe:/a:novell:suse_linux:libmysqld19, p-cpe:/a:novell:suse_linux:libmysqld19-debuginfo, p-cpe:/a:novell:suse_linux:mariadb, p-cpe:/a:novell:suse_linux:mariadb-bench, p-cpe:/a:novell:suse_linux:mariadb-bench-debuginfo, p-cpe:/a:novell:suse_linux:mariadb-client, p-cpe:/a:novell:suse_linux:mariadb-client-debuginfo, p-cpe:/a:novell:suse_linux:mariadb-debuginfo, p-cpe:/a:novell:suse_linux:mariadb-debugsource, p-cpe:/a:novell:suse_linux:mariadb-galera, p-cpe:/a:novell:suse_linux:mariadb-test, p-cpe:/a:novell:suse_linux:mariadb-test-debuginfo, p-cpe:/a:novell:suse_linux:mariadb-tools, p-cpe:/a:novell:suse_linux:mariadb-tools-debuginfo, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/6/2019
Vulnerability Publication Date: 5/23/2017
Reference Information
CVE: CVE-2016-9843, CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066, CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3174, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3282, CVE-2018-3284, CVE-2019-2510, CVE-2019-2537