Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0505-1

Опубликовано: 27 фев. 2020
Источник: suse-cvrf

Описание

Security update for mariadb

This update for mariadb fixes the following issues:

MariaDB was updated to version 10.2.31 GA (bsc#1162388).

Security issues fixed:

  • CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
  • CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).
  • Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878).
  • Fixed a permissions issue in /var/lib/mysql (bsc#1077717).

Список пакетов

SUSE Linux Enterprise Server 12 SP4
mariadb-10.2.31-3.25.1
mariadb-client-10.2.31-3.25.1
mariadb-errormessages-10.2.31-3.25.1
mariadb-tools-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP5
mariadb-10.2.31-3.25.1
mariadb-client-10.2.31-3.25.1
mariadb-errormessages-10.2.31-3.25.1
mariadb-tools-10.2.31-3.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
mariadb-10.2.31-3.25.1
mariadb-client-10.2.31-3.25.1
mariadb-errormessages-10.2.31-3.25.1
mariadb-tools-10.2.31-3.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
mariadb-10.2.31-3.25.1
mariadb-client-10.2.31-3.25.1
mariadb-errormessages-10.2.31-3.25.1
mariadb-tools-10.2.31-3.25.1
SUSE OpenStack Cloud 9
mariadb-galera-10.2.31-3.25.1
SUSE OpenStack Cloud Crowbar 9
mariadb-galera-10.2.31-3.25.1

Ссылки

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:mariadb-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-client-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-errormessages-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-tools-10.2.31-3.25.1
Ссылки

Описание

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:mariadb-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-client-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-errormessages-10.2.31-3.25.1
SUSE Linux Enterprise Server 12 SP4:mariadb-tools-10.2.31-3.25.1
Ссылки