Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0609-1

Опубликовано: 13 мар. 2019
Источник: suse-cvrf

Описание

Security update for mariadb

This update for mariadb to version 10.2.22 fixes the following issues:

Security issues fixed (bsc#1122198):

  • CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service.
  • CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service.

Other issues fixed:

  • Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027).
  • Fixed an issue where the lograte was not working (bsc#1112767).
  • Backport Information Schema CHECK_CONSTRAINTS Table.
  • Maximum value of table_definition_cache is now 2097152.
  • InnoDB ALTER TABLE fixes.
  • Galera crash recovery fixes.
  • Encryption fixes.
  • Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475).

The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4
mariadb-10.2.22-3.14.1
mariadb-client-10.2.22-3.14.1
mariadb-errormessages-10.2.22-3.14.1
SUSE Linux Enterprise Server 12 SP4
mariadb-10.2.22-3.14.1
mariadb-client-10.2.22-3.14.1
mariadb-errormessages-10.2.22-3.14.1
mariadb-tools-10.2.22-3.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
mariadb-10.2.22-3.14.1
mariadb-client-10.2.22-3.14.1
mariadb-errormessages-10.2.22-3.14.1
mariadb-tools-10.2.22-3.14.1

Ссылки

Описание

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:mariadb-10.2.22-3.14.1
SUSE Linux Enterprise Desktop 12 SP4:mariadb-client-10.2.22-3.14.1
SUSE Linux Enterprise Desktop 12 SP4:mariadb-errormessages-10.2.22-3.14.1
SUSE Linux Enterprise Server 12 SP4:mariadb-10.2.22-3.14.1
Ссылки

Описание

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:mariadb-10.2.22-3.14.1
SUSE Linux Enterprise Desktop 12 SP4:mariadb-client-10.2.22-3.14.1
SUSE Linux Enterprise Desktop 12 SP4:mariadb-errormessages-10.2.22-3.14.1
SUSE Linux Enterprise Server 12 SP4:mariadb-10.2.22-3.14.1
Ссылки
Уязвимость SUSE-SU-2019:0609-1