From patchwork Fri Jun 8 16:44:34 2018
X-Patchwork-Submitter: Peter Korsgaard
X-Patchwork-Id: 926908
From: Peter Korsgaard
To: buildroot@buildroot.org, Ryan Coe
Date: Fri, 8 Jun 2018 18:44:34 +0200
Message-Id: <20180608164434.18857-1-peter@korsgaard.com>
Subject: [Buildroot] [PATCH] mariadb: security bump version to 10.1.33

Release notes: https://mariadb.com/kb/en/mariadb-10133-release-notes/
Changelog: https://mariadb.com/kb/en/mariadb-10133-changelog/

Fixes the following security vulnerabilities:

CVE-2018-2782 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2784 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2787 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVE-2018-2766 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2755 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVE-2018-2819 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2817 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2761 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2781 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2771 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVE-2018-2813 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. Signed-off-by: Peter Korsgaard Acked-by: Ryan Coe --- package/mariadb/mariadb.hash | 4 ++-- package/mariadb/mariadb.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/mariadb/mariadb.hash b/package/mariadb/mariadb.hash index b8b2dde374..7eea62ab7b 100644 --- a/package/mariadb/mariadb.hash +++ b/package/mariadb/mariadb.hash @@ -1,5 +1,5 @@ -# From https://downloads.mariadb.org/mariadb/10.1.32/ -sha256 0e2aae6a6a190d07c8e36e87dd43377057fa82651ca3c583462563f3e9369096 mariadb-10.1.32.tar.gz +# From https://downloads.mariadb.org/mariadb/10.1.33/ +sha256 94312c519f2c0c25e1964c64e22aff0036fb22dfb2685638f43a6b2211395d2d mariadb-10.1.33.tar.gz # Hash for license files sha256 69ce89a0cadbe35a858398c258be93c388715e84fc0ca04e5a1fd1aa9770dd3a README diff --git a/package/mariadb/mariadb.mk b/package/mariadb/mariadb.mk index 391655fb0a..ce846d9cda 100644 --- a/package/mariadb/mariadb.mk +++ b/package/mariadb/mariadb.mk @@ -4,7 +4,7 @@ # ################################################################################ -MARIADB_VERSION = 10.1.32 +MARIADB_VERSION = 10.1.33 MARIADB_SITE = https://downloads.mariadb.org/interstitial/mariadb-$(MARIADB_VERSION)/source MARIADB_LICENSE = GPL-2.0 (server), GPL-2.0 with FLOSS exception (GPL client library), LGPL-2.0 (LGPL client library) # Tarball no longer contains LGPL license text
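
Review bot: In the package/mariadb/mariadb.hash hunk, the new sha256 line for mariadb-10.1.33.tar.gz is the only integrity check on the tarball, and its "# From https://downloads.mariadb.org/mariadb/10.1.33/" comment names the same origin the tarball is downloaded from, so the hash pins the download but does not authenticate it independently of that site. For a security bump, suggest checking the tarball against an upstream signature, if one is published, before recording the hash, and saying so in the comment, or marking the hash as locally computed if it was not copied from the upstream page. The README license hash is unchanged context here, which matches a version-only bump.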
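
Review bot: At "+MARIADB_VERSION = 10.1.33" in package/mariadb/mariadb.mk, nothing in the patch or the commit message ties the listed CVEs to the MariaDB 10.1 series: every description quotes Oracle's affected MySQL ranges (5.5.59, 5.6.39 and 5.7.21 and prior). Suggest adding one line to the commit message stating which 10.1.x releases are affected, per the linked release notes, so that someone triaging a backport can tell from the log alone which trees need this bump.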