{"affected":[{"ecosystem_specific":{"binaries":[{"libmysqld-devel":"10.2.22-lp150.2.9.1","libmysqld19":"10.2.22-lp150.2.9.1","mariadb":"10.2.22-lp150.2.9.1","mariadb-bench":"10.2.22-lp150.2.9.1","mariadb-client":"10.2.22-lp150.2.9.1","mariadb-errormessages":"10.2.22-lp150.2.9.1","mariadb-galera":"10.2.22-lp150.2.9.1","mariadb-test":"10.2.22-lp150.2.9.1","mariadb-tools":"10.2.22-lp150.2.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"mariadb","purl":"pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.2.22-lp150.2.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mariadb to version 10.2.22 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). \n- CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198).\n- CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377)\n- CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432)\n- CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391)\n- CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397)\n- CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404)\n- CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384)\n- CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368)\n- CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386)\n- CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415)\n- CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417)\n- CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421)\n- CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678)\n- CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342)\n- CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677)\n- CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676)\n- CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)\n\nNon-security issues fixed:\n\n- Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027).\n- Fixed an issue where the lograte was not working (bsc#1112767).\n- Backport Information Schema CHECK_CONSTRAINTS Table.\n- Maximum value of table_definition_cache is now 2097152.\n- InnoDB ALTER TABLE fixes.\n- Galera crash recovery fixes.\n- Encryption fixes.\n- Remove xtrabackup dependency  as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).\n- Maria DB testsuite - test main.plugin_auth failed (bsc#1111859)\n- Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858)\n- Remove PerconaFT from the package as it has AGPL licence (bsc#1118754)\n- remove PerconaFT from the package as it has AGPL licence (bsc#1118754)\n- Database corruption after renaming a prefix-indexed column (bsc#1120041)\n\n\nRelease notes and changelog:\n\n- https://mariadb.com/kb/en/library/mariadb-10222-release-notes\n- https://mariadb.com/kb/en/library/mariadb-10222-changelog/\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:0327-1","modified":"2019-03-23T11:15:20Z","published":"2019-03-23T11:15:20Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZBIBDKV4Q445TSAAVXOJN365L7BQQWY6/#ZBIBDKV4Q445TSAAVXOJN365L7BQQWY6"},{"type":"REPORT","url":"https://bugzilla.suse.com/1013882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101676"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101677"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101678"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103342"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111858"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111859"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112368"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112377"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112384"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112386"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112391"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112397"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112415"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112417"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112421"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112432"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112767"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116686"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118754"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120041"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122198"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122475"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127027"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9843"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3058"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3060"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3063"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3143"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3173"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3174"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3200"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3251"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3277"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3282"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3284"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2510"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2537"}],"related":["CVE-2016-9843","CVE-2018-3058","CVE-2018-3060","CVE-2018-3063","CVE-2018-3064","CVE-2018-3066","CVE-2018-3143","CVE-2018-3156","CVE-2018-3162","CVE-2018-3173","CVE-2018-3174","CVE-2018-3185","CVE-2018-3200","CVE-2018-3251","CVE-2018-3277","CVE-2018-3282","CVE-2018-3284","CVE-2019-2510","CVE-2019-2537"],"summary":"Security update for mariadb","upstream":["CVE-2016-9843","CVE-2018-3058","CVE-2018-3060","CVE-2018-3063","CVE-2018-3064","CVE-2018-3066","CVE-2018-3143","CVE-2018-3156","CVE-2018-3162","CVE-2018-3173","CVE-2018-3174","CVE-2018-3185","CVE-2018-3200","CVE-2018-3251","CVE-2018-3277","CVE-2018-3282","CVE-2018-3284","CVE-2019-2510","CVE-2019-2537"]}