Centos Repo dont update to last MARIADB

Support for security such as Firewalls and securing linux
Post Reply
lepe
Posts: 10
Joined: 2017/05/05 17:31:54

Centos Repo dont update to last MARIADB

Post by lepe » 2018/05/06 09:55:51

Hi all

I see this issue reported from other user in centos bug tracker and I dont understand why is not possible to update mariadb from Centos repo to last versions when each new mariadb version is even safer and offers greater speed

I look for this repo http://mirror.centos.org/centos/7/os/x86_64/Packages/ with mariadb 5.5.56 but it is very old. Was added by centos 9 months ago and the last improved version is 5.5.60

Really to Centos dont like MariaDB security?

best regards

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Centos Repo dont update to last MARIADB

Post by avij » 2018/05/06 10:16:05

You clearly missed TrevorH's comment in that bug report, especially the link to the backporting page.

Are there any particular CVEs you think you are missing? Those are what counts.

That said, CentOS rebuilds the same packages that RHEL ships. CentOS does not have the possibility to update MariaDB ahead of RHEL.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos Repo dont update to last MARIADB

Post by TrevorH » 2018/05/06 13:36:29

Really to Centos dont like MariaDB security?
See the RHEL backporting page https://access.redhat.com/security/updates/backporting

In addition, you can see the rpm changelog by running e.g. rpm -q mariadb-server --changelog | less and see information like

Code: Select all

* Thu Jun 08 2017 Honza Horak <hhorak@redhat.com> - 1:5.5.56-2
- Do not fix context and change owner if run by root in mariadb-prepare-db-dir
  Related: #1458940
- Check properly that datadir includes only expected files
  Related: #1356897

* Mon Jun 05 2017 Honza Horak <hhorak@redhat.com> - 1:5.5.56-1
- Rebase to 5.5.56
  That release also fixes the following security issues:
  CVE-2016-5617/CVE-2016-6664 CVE-2017-3312 CVE-2017-3238 CVE-2017-3243
  CVE-2017-3244 CVE-2017-3258 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318
  CVE-2017-3291 CVE-2017-3302 CVE-2016-5483/CVE-2017-3600 CVE-2017-3308
  CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
  Resolves: #1458933
  New deps required by upstream: checkpolicy and policycoreutils-python
  License text removed by upstream: COPYING.LESSER
  Do not ignore test-suite failure
  Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
  Resolves: #1458940
  
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

lepe
Posts: 10
Joined: 2017/05/05 17:31:54

Re: Centos Repo dont update to last MARIADB

Post by lepe » 2018/05/07 04:12:39

Hi

CVEs talks about if a module version have a security issues then it will be removed maintaining previous versions but MariaDB 5.5.60 have not any security issues worst than the old offered version 5.5.56 in http://mirror.centos.org/centos/7/os/x86_64/Packages/

I asked about this issue and still it is unsolved (wont fix)

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos Repo dont update to last MARIADB

Post by TrevorH » 2018/05/07 09:02:18

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

pjwelsh
Posts: 2632
Joined: 2007/01/07 02:18:02
Location: Central IL USA

Re: Centos Repo dont update to last MARIADB

Post by pjwelsh » 2018/05/07 14:03:56

Using any one of several MariaDB "official" versions is easily possible using the MariaDB repo generator:
https://downloads.mariadb.org/mariadb/r ... tro=CentOS

Please carefully read the warning(s) about third party repositories:
https://wiki.centos.org/AdditionalResou ... positories

Post Reply