[SECURITY] Fedora 19 Update: mariadb-5.5.37-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Tue Apr 29 05:23:30 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5409
2014-04-20 00:17:10
--------------------------------------------------------------------------------

Name        : mariadb
Product     : Fedora 19
Version     : 5.5.37
Release     : 1.fc19
URL         : http://mariadb.org
Summary     : A community developed branch of MySQL
Description :
MariaDB is a community developed branch of MySQL.
MariaDB is a multi-user, multi-threaded SQL database server.
It is a client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MariaDB/MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

This is an update to the new upstream release 5.5.37, which fixes issues described at https://kb.askmonty.org/en/mariadb-5537-changelog/.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 17 2014 Honza Horak <hhorak at redhat.com> - 1:5.5.37-1
- Update to MariaDB 5.5.37, for various fixes described at
  https://kb.askmonty.org/en/mariadb-5537-changelog/
  Includes fixes for: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432
  CVE-2014-2431 CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
* Thu Mar  6 2014 Honza Horak <hhorak at redhat.com> - 1:5.5.36-1
- Rebase to 5.5.36
  https://kb.askmonty.org/en/mariadb-5536-changelog/
* Wed Feb  5 2014 Honza Horak <hhorak at redhat.com> 1:5.5.35-2
- Do not touch the log file in post script, so it does not get wrong owner
  Resolves: #1061045
* Thu Jan 30 2014 Honza Horak <hhorak at redhat.com> 1:5.5.35-1
- Rebase to 5.5.35
  https://kb.askmonty.org/en/mariadb-5535-changelog/
  Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
  CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
  CVE-2014-0402
  Resolves: #1054043
  Resolves: #1059546
* Wed Jan  8 2014 Honza Horak <hhorak at redhat.com> 1:5.5.34-4
- Read socketfile location in mariadb-prepare-db-dir script
* Mon Jan  6 2014 Honza Horak <hhorak at redhat.com> 1:5.5.34-3
- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
  which now makes mariadb/mysql FTBFS because openssl_1 test fails
  Related: #1044565
- Check if socket file is not being used by another process at a time
  of starting the service
  Related: #1045435
* Wed Nov 27 2013 Honza Horak <hhorak at redhat.com> 1:5.5.34-2
- Fix mariadb-wait-ready script
* Fri Nov 22 2013 Honza Horak <hhorak at redhat.com> 1:5.5.34-1
- Rebase to 5.5.34
* Mon Nov  4 2013 Honza Horak <hhorak at redhat.com> 1:5.5.33a-4
- Fix spec file to be ready for backport by Oden Eriksson
  Resolves: #1026404
* Mon Nov  4 2013 Honza Horak <hhorak at redhat.com> 1:5.5.33a-3
- Add pam-devel to build-requires in order to build
  Related: #1019945
- Check if correct process is running in mysql-wait-ready script
  Related: #1026313
* Thu Oct 10 2013 Honza Horak <hhorak at redhat.com> 1:5.5.33a-1
- Rebase to 5.5.33a
  https://kb.askmonty.org/en/mariadb-5533-changelog/
  https://kb.askmonty.org/en/mariadb-5533a-changelog/
- Enable outfile_loaddata test
- Disable tokudb_innodb_xa_crash test
* Wed Aug 14 2013 Rex Dieter <rdieter at fedoraproject.org> 1:5.5.32-8
- fix alternatives usage
* Tue Aug 13 2013 Honza Horak <hhorak at redhat.com> - 1:5.5.32-7
- Multilib issues solved by alternatives
  Resolves: #986959
* Tue Jul 30 2013 Honza Horak <hhorak at redhat.com> - 1:5.5.32-6
- Remove unneeded systemd-sysv requires
- Provide mysql-compat-server symbol
- Create mariadb.service symlink
- Fix multilib header location for arm
- Enhance documentation in the unit file
- Use scriptstub instead of links to avoid multilib conflicts
- Add condition for doc placement in F20+
* Sun Jul 28 2013 Dennis Gilmore <dennis at ausil.us> - 1:5.5.32-5
- remove "Requires(pretrans): systemd" since its not possible
- when installing mariadb and systemd at the same time. as in a new install
* Sat Jul 27 2013 Kevin Fenzi <kevin at scrye.com> 1:5.5.32-4
- Set rpm doc macro to install docs in unversioned dir
* Fri Jul 26 2013 Dennis Gilmore <dennis at ausil.us> 1:5.5.32-3
- add Requires(pre) on systemd for the server package
* Tue Jul 23 2013 Dennis Gilmore <dennis at ausil.us> 1:5.5.32-2
- replace systemd-units requires with systemd
- remove solaris files
* Fri Jul 19 2013 Honza Horak <hhorak at redhat.com> 1:5.5.32-1
- Rebase to 5.5.32
  https://kb.askmonty.org/en/mariadb-5532-changelog/
- Clean-up un-necessary systemd snippets
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 1:5.5.31-7
- Perl 5.18 rebuild
* Mon Jul  1 2013 Honza Horak <hhorak at redhat.com> 1:5.5.31-6
- Test suite params enhanced to decrease server condition influence
- Fix misleading error message when uninstalling built-in plugins
  Related: #966873
* Thu Jun 27 2013 Honza Horak <hhorak at redhat.com> 1:5.5.31-5
- Apply fixes found by Coverity static analysis tool
* Wed Jun 19 2013 Honza Horak <hhorak at redhat.com> 1:5.5.31-4
- Do not use pretrans scriptlet, which doesn't work in anaconda
  Resolves: #975348
* Fri Jun 14 2013 Honza Horak <hhorak at redhat.com> 1:5.5.31-3
- Explicitly enable mysqld if it was enabled in the beggining
  of the transaction.
* Thu Jun 13 2013 Honza Horak <hhorak at redhat.com> 1:5.5.31-2
- Apply man page fix from Jan Stanek
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1088133 - CVE-2014-0384 mysql: unspecified vulnerability in MySQL server related to XML subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088133
  [ 2 ] Bug #1088134 - CVE-2014-2419 mysql: unspecified vulnerability in MySQL server related to Partition subcomponent
        https://bugzilla.redhat.com/show_bug.cgi?id=1088134
  [ 3 ] Bug #1088143 - CVE-2014-2430 mysql: unspecified vulnerability in MySQL server related to Performance Schema subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088143
  [ 4 ] Bug #1088146 - CVE-2014-2431 mysql: unspecified vulnerability in MySQL server related to Options subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088146
  [ 5 ] Bug #1088179 - CVE-2014-2432 mysql: unspecified vulnerability in MySQL server related to Federated subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088179
  [ 6 ] Bug #1088190 - CVE-2014-2436 mysql: unspecified vulnerability in MySQL server related to RBR subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088190
  [ 7 ] Bug #1088191 - CVE-2014-2438 mysql: unspecified vulnerability in MySQL server related to Replication subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088191
  [ 8 ] Bug #1088197 - CVE-2014-2440 mysql: unspecified vulnerability in MySQL Client subcomponent (CPU April 2014)
        https://bugzilla.redhat.com/show_bug.cgi?id=1088197
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update mariadb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list