An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries.

Security Fix(es):

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0616, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0655, CVE-2016-0666, CVE-2016-0668)

* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make MariaDB execute an SQL query with a specially crafted regular expression could use these flaws to cause it to crash or, possibly, execute arbitrary code. (CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395, CVE-2016-1283, CVE-2016-3191)
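
The CVE-2016-2047 item above concerns checking the connect host name against the identities in the server certificate. As an added illustration (not MariaDB or Red Hat code, and not the actual fix), here is a strict matcher in C; `struct cert_name`, `name_matches` and `verify_server_identity` are hypothetical names, and the identities are assumed to come from a certificate whose chain has already been validated.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One identity from a certificate (SAN dNSName or subject CN), kept with its
   ASN.1 length because the bytes may contain NULs. Hypothetical type. */
struct cert_name { const char *data; size_t len; };

/* Whole-string, case-insensitive match. "*" counts only as the complete
   leftmost label and covers exactly one label; prefixes never match. */
static int name_matches(const char *host, const struct cert_name *id)
{
    if (id->len == 0 || memchr(id->data, '\0', id->len) != NULL)
        return 0;                     /* empty name or embedded NUL */
    if (id->len >= 3 && id->data[0] == '*' && id->data[1] == '.') {
        const char *dot = strchr(host, '.');
        size_t rest = id->len - 1;    /* length of ".example.test" */
        if (dot == NULL || dot == host)
            return 0;                 /* host needs a non-empty first label */
        if (memchr(id->data + 2, '.', id->len - 2) == NULL)
            return 0;                 /* refuse "*.tld" */
        return strlen(dot) == rest && strncasecmp(dot, id->data + 1, rest) == 0;
    }
    return strlen(host) == id->len && strncasecmp(host, id->data, id->len) == 0;
}

/* Returns 1 only if host is named by the certificate. If any SAN dNSName is
   present, the CN is ignored (the RFC 6125 rule). */
int verify_server_identity(const char *host, const struct cert_name *san,
                           size_t n_san, const struct cert_name *cn)
{
    if (host == NULL || *host == '\0') return 0;
    for (size_t i = 0; i < n_san; i++)
        if (name_matches(host, &san[i]))
            return 1;
    if (n_san > 0 || cn == NULL)
        return 0;
    return name_matches(host, cn);
}

int main(void)
{
    /* Constructed sample identities, not taken from a real certificate. */
    struct cert_name san[] = { { "*.example.test", 14 } };
    struct cert_name cn = { "db.example.test.attacker.test", 29 };
    printf("%d %d\n", verify_server_identity("db.example.test", san, 1, &cn),
           verify_server_identity("db.example.test", NULL, 0, &cn));
    return 0;
}
```

A client that gets 0 from such a check should abort the TLS connection before sending credentials.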
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Red Hat Software Collections 1 for RHEL 6

SRPMS:
rh-mariadb100-mariadb-10.0.25-4.el6.src.rpm
 
x86_64:
rh-mariadb100-mariadb-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.25-4.el6.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.25-4.el6.x86_64.rpm
 
Red Hat Software Collections 1 for RHEL 7

SRPMS:
rh-mariadb100-mariadb-10.0.25-4.el7.src.rpm
 
x86_64:
rh-mariadb100-mariadb-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-bench-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-common-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-config-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-debuginfo-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-devel-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-errmsg-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-oqgraph-engine-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-server-10.0.25-4.el7.x86_64.rpm
rh-mariadb100-mariadb-test-10.0.25-4.el7.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1228283 – CVE-2015-3217 pcre: stack overflow caused by mishandled group empty match (8.38/11)
1237223 – CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
1274752 – CVE-2015-4792 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274756 – CVE-2015-4802 mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
1274759 – CVE-2015-4815 mysql: unspecified vulnerability related to Server:DDL (CPU October 2015)
1274761 – CVE-2015-4816 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274764 – CVE-2015-4819 mysql: unspecified vulnerability related to Client programs (CPU October 2015)
1274766 – CVE-2015-4826 mysql: unspecified vulnerability related to Server:Types (CPU October 2015)
1274767 – CVE-2015-4830 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
1274771 – CVE-2015-4836 mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
1274773 – CVE-2015-4858 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274776 – CVE-2015-4861 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274781 – CVE-2015-4870 mysql: unspecified vulnerability related to Server:Parser (CPU October 2015)
1274783 – CVE-2015-4879 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1274786 – CVE-2015-4895 mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
1274794 – CVE-2015-4913 mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
1287614 – CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)
1287623 – CVE-2015-3210 CVE-2015-8384 pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)
1287629 – CVE-2015-8385 pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
1287636 – CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
1287671 – CVE-2015-8391 pcre: inefficient posix character class syntax check (8.38/16)
1287690 – CVE-2015-8392 pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
1287711 – CVE-2015-8381 CVE-2015-8395 pcre: Buffer overflow caused by duplicate named references (8.38/36)
1295385 – CVE-2016-1283 pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
1301492 – CVE-2016-0505 mysql: unspecified vulnerability in subcomponent: Server: Options (CPU January 2016)
1301493 – CVE-2016-0546 mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
1301496 – CVE-2016-0596 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301497 – CVE-2016-0597 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301498 – CVE-2016-0598 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
1301501 – CVE-2016-0600 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301504 – CVE-2016-0606 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
1301506 – CVE-2016-0608 mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
1301507 – CVE-2016-0609 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU January 2016)
1301508 – CVE-2016-0610 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
1301510 – CVE-2016-0616 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
1301874 – CVE-2016-2047 mysql: ssl-validate-cert incorrect hostname check
1311503 – CVE-2016-3191 pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)
1329239 – CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329241 – CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
1329243 – CVE-2016-0642 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
1329245 – CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329247 – CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
1329248 – CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329249 – CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
1329251 – CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329252 – CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329253 – CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
1329254 – CVE-2016-0651 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016)
1329259 – CVE-2016-0655 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)
1329270 – CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
1329273 – CVE-2016-0668 mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU April 2016)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: