Описание
Security update for mariadb-connector-c
This update for mariadb-connector-c fixes the following issues:
Security issue fixed:
- CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550).
Non-security issues fixed:
- Update to release 3.1.8 (bsc#1171550)
- CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner
- CONC-441: Default user name for C/C is wrong if login user is different from effective user
- CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf
- CONC-457: mysql_list_processes crashes in unpack_fields
- CONC-458: mysql_get_timeout_value crashes when used improper
- CONC-464: Fix static build for auth_gssapi_client plugin
Список пакетов
SUSE Linux Enterprise Server 12 SP4
libmariadb3-3.1.8-2.15.1
libmariadb_plugins-3.1.8-2.15.1
SUSE Linux Enterprise Server 12 SP5
libmariadb3-3.1.8-2.15.1
libmariadb_plugins-3.1.8-2.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libmariadb3-3.1.8-2.15.1
libmariadb_plugins-3.1.8-2.15.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libmariadb3-3.1.8-2.15.1
libmariadb_plugins-3.1.8-2.15.1
Ссылки
- Link for SUSE-SU-2020:1431-1
- E-Mail link for SUSE-SU-2020:1431-1
- SUSE Security Ratings
- SUSE Bug 1171550
- SUSE CVE CVE-2020-13249 page
Описание
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:libmariadb3-3.1.8-2.15.1
SUSE Linux Enterprise Server 12 SP4:libmariadb_plugins-3.1.8-2.15.1
SUSE Linux Enterprise Server 12 SP5:libmariadb3-3.1.8-2.15.1
SUSE Linux Enterprise Server 12 SP5:libmariadb_plugins-3.1.8-2.15.1
Ссылки
- CVE-2020-13249