Synopsis: Moderate: mariadb security and bug fix update
Advisory ID: SLSA-2016:0534-1
Issue Date: 2016-04-04
CVE Numbers: CVE-2015-4792
CVE-2015-4802
CVE-2015-4815
CVE-2015-4816
CVE-2015-4819
CVE-2015-4826
CVE-2015-4830
CVE-2015-4836
CVE-2015-4858
CVE-2015-4861
CVE-2015-4870
CVE-2015-4879
CVE-2015-4913
CVE-2016-0505
CVE-2016-0546
CVE-2016-0596
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0616
CVE-2016-2047
—
Security Fix(es):
* It was found that the MariaDB client library did not properly check host
names against server identities noted in the X.509 certificates when
establishing secure connections using TLS/SSL. A man-in-the-middle
attacker could possibly use this flaw to impersonate a server to a client.
(CVE-2016-2047)
(CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816,
CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858,
CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505,
CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600,
CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)
Bug Fix(es):
* When more than one INSERT operation was executed concurrently on a
non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key
immediately after starting MariaDB, a race condition could occur. As a
consequence, one of the concurrent INSERT operations failed with a
“Duplicate key” error message. A patch has been applied to prevent the
race condition. Now, each row inserted as a result of the concurrent
INSERT operations receives a unique primary key, and the operations no
longer fail in this scenario.
—
SL7
x86_64
mariadb-5.5.47-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.47-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.47-1.el7_2.x86_64.rpm
mariadb-libs-5.5.47-1.el7_2.i686.rpm
mariadb-libs-5.5.47-1.el7_2.x86_64.rpm
mariadb-server-5.5.47-1.el7_2.x86_64.rpm
mariadb-bench-5.5.47-1.el7_2.x86_64.rpm
mariadb-devel-5.5.47-1.el7_2.i686.rpm
mariadb-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm
mariadb-test-5.5.47-1.el7_2.x86_64.rpm
– Scientific Linux Development Team
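
An added example, not part of the Scientific Linux advisory: a check that flags installed mariadb packages older than the fixed build 5.5.47-1.el7_2 listed above. The version comparison is a simplified form of RPM's ordering (no epoch, '~' or '^' handling), the function names are hypothetical, and the sample input is constructed.

```python
import re

# Fixed build named in this advisory for the SL7 packages: (version, release).
FIXED = ("5.5.47", "1.el7_2")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.
    Simplified: splits into digit and letter runs, ignores '~' and '^'."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_patched(version, release):
    """True if the build is at or above the advisory's fixed build.
    Assumption: the package epoch is unchanged, so it is not compared."""
    cmp = rpmvercmp(version, FIXED[0])
    if cmp == 0:
        cmp = rpmvercmp(release, FIXED[1])
    return cmp >= 0

def unpatched(rpm_query_output):
    """Return the mariadb packages that are older than the fixed build."""
    # Expected input: one "name version release" line per package, e.g. from
    #   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'mariadb*'
    stale = []
    for line in rpm_query_output.strip().splitlines():
        name, version, release = line.split()
        if name.startswith("mariadb") and not is_patched(version, release):
            stale.append(f"{name}-{version}-{release}")
    return stale

# Constructed sample input, not taken from a real host.
SAMPLE = """\
mariadb 5.5.47 1.el7_2
mariadb-libs 5.5.44 2.el7
mariadb-server 5.5.47 1.el7_2
"""

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

A stale mariadb-libs matters most for CVE-2016-2047, since the advisory locates that flaw in the client library.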