SUSE-SU-2020:1423-1

Опубликовано: 26 мая 2020

Источник: suse-cvrf

Описание

Security update for mariadb-connector-c

This update for mariadb-connector-c fixes the following issues:

Security issue fixed:

CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550).

Non-security issues fixed:

Update to release 3.1.8 (bsc#1171550)
- CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner
- CONC-441: Default user name for C/C is wrong if login user is different from effective user
- CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf
- CONC-457: mysql_list_processes crashes in unpack_fields
- CONC-458: mysql_get_timeout_value crashes when used improper
- CONC-464: Fix static build for auth_gssapi_client plugin

Список пакетов

Container suse/rmt-mariadb-client:latest

libmariadb3-3.1.8-3.18.1

Container suse/rmt-mariadb:latest

libmariadb3-3.1.8-3.18.1

Container suse/rmt-server:latest

libmariadb3-3.1.8-3.18.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libmariadb-devel-3.1.8-3.18.1

libmariadb3-3.1.8-3.18.1

libmariadb_plugins-3.1.8-3.18.1

libmariadbprivate-3.1.8-3.18.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libmariadb-devel-3.1.8-3.18.1

libmariadb3-3.1.8-3.18.1

libmariadb_plugins-3.1.8-3.18.1

libmariadbprivate-3.1.8-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libmariadb3-3.1.8-3.18.1

libmariadbprivate-3.1.8-3.18.1

SUSE Linux Enterprise Module for Server Applications 15 SP1

libmariadb-devel-3.1.8-3.18.1

libmariadb_plugins-3.1.8-3.18.1

SUSE Linux Enterprise Server 15-LTSS

libmariadb-devel-3.1.8-3.18.1

libmariadb3-3.1.8-3.18.1

libmariadb_plugins-3.1.8-3.18.1

libmariadbprivate-3.1.8-3.18.1

SUSE Linux Enterprise Server for SAP Applications 15

libmariadb-devel-3.1.8-3.18.1

libmariadb3-3.1.8-3.18.1

libmariadb_plugins-3.1.8-3.18.1

libmariadbprivate-3.1.8-3.18.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201423-1/
Link for SUSE-SU-2020:1423-1
https://lists.suse.com/pipermail/sle-security-updates/2020-May/006859.html
E-Mail link for SUSE-SU-2020:1423-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1171550
SUSE Bug 1171550
https://www.suse.com/security/cve/CVE-2020-13249/
SUSE CVE CVE-2020-13249 page

Описание

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

Затронутые продукты

Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.8-3.18.1

Container suse/rmt-mariadb:latest:libmariadb3-3.1.8-3.18.1

Container suse/rmt-server:latest:libmariadb3-3.1.8-3.18.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.8-3.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13249.html
CVE-2020-13249

SUSE-SU-2020:1423-1

Описание

Список пакетов

Container suse/rmt-mariadb-client:latest

Container suse/rmt-mariadb:latest

Container suse/rmt-server:latest

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Server Applications 15 SP1

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-13249

Описание

Затронутые продукты

Ссылки