Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:3500-1

Опубликовано: 24 нояб. 2020
Источник: suse-cvrf

Описание

Security update for mariadb

This update for mariadb and mariadb-connector-c fixes the following issues:

  • Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180

  • Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]

Список пакетов

Container suse/rmt-mariadb-client:latest
libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest
libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest
libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libmariadb-devel-3.1.11-3.22.2
libmariadb3-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
libmysqld-devel-10.2.36-3.34.4
libmysqld19-10.2.36-3.34.4
mariadb-10.2.36-3.34.4
mariadb-client-10.2.36-3.34.4
mariadb-errormessages-10.2.36-3.34.4
mariadb-tools-10.2.36-3.34.4
SUSE Linux Enterprise High Performance Computing 15-LTSS
libmariadb-devel-3.1.11-3.22.2
libmariadb3-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
libmysqld-devel-10.2.36-3.34.4
libmysqld19-10.2.36-3.34.4
mariadb-10.2.36-3.34.4
mariadb-client-10.2.36-3.34.4
mariadb-errormessages-10.2.36-3.34.4
mariadb-tools-10.2.36-3.34.4
SUSE Linux Enterprise Module for Basesystem 15 SP1
libmariadb3-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
SUSE Linux Enterprise Module for Basesystem 15 SP2
libmariadb3-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
SUSE Linux Enterprise Module for Server Applications 15 SP1
libmariadb-devel-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
libmysqld-devel-10.2.36-3.34.4
libmysqld19-10.2.36-3.34.4
mariadb-10.2.36-3.34.4
mariadb-client-10.2.36-3.34.4
mariadb-errormessages-10.2.36-3.34.4
mariadb-tools-10.2.36-3.34.4
SUSE Linux Enterprise Module for Server Applications 15 SP2
libmariadb-devel-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
SUSE Linux Enterprise Server 15-LTSS
libmariadb-devel-3.1.11-3.22.2
libmariadb3-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
libmysqld-devel-10.2.36-3.34.4
libmysqld19-10.2.36-3.34.4
mariadb-10.2.36-3.34.4
mariadb-client-10.2.36-3.34.4
mariadb-errormessages-10.2.36-3.34.4
mariadb-tools-10.2.36-3.34.4
SUSE Linux Enterprise Server for SAP Applications 15
libmariadb-devel-3.1.11-3.22.2
libmariadb3-3.1.11-3.22.2
libmariadb_plugins-3.1.11-3.22.2
libmariadbprivate-3.1.11-3.22.2
libmysqld-devel-10.2.36-3.34.4
libmysqld19-10.2.36-3.34.4
mariadb-10.2.36-3.34.4
mariadb-client-10.2.36-3.34.4
mariadb-errormessages-10.2.36-3.34.4
mariadb-tools-10.2.36-3.34.4

Ссылки

Описание

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest:libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.11-3.22.2
Ссылки

Описание

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest:libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.11-3.22.2
Ссылки

Описание

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest:libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.11-3.22.2
Ссылки

Описание

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest:libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.11-3.22.2
Ссылки

Описание

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

Затронутые продукты
Container suse/rmt-mariadb-client:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-mariadb:latest:libmariadb3-3.1.11-3.22.2
Container suse/rmt-server:latest:libmariadb3-3.1.11-3.22.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libmariadb-devel-3.1.11-3.22.2
Ссылки
Уязвимость SUSE-SU-2020:3500-1