Описание
Security update for mariadb
This update for mariadb fixes the following issues:
- Update to 10.2.39 (bsc#1182739)
- CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870)
- CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872)
- CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868)
- CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770)
Список пакетов
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2021:2634-1
- E-Mail link for SUSE-SU-2021:2634-1
- SUSE Security Ratings
- SUSE Bug 1182739
- SUSE Bug 1183770
- SUSE Bug 1185868
- SUSE Bug 1185870
- SUSE Bug 1185872
- SUSE Bug 1188300
- SUSE CVE CVE-2021-2154 page
- SUSE CVE CVE-2021-2166 page
- SUSE CVE CVE-2021-2180 page
- SUSE CVE CVE-2021-27928 page
Описание
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Затронутые продукты
Ссылки
- CVE-2021-2154
- SUSE Bug 1185872
- SUSE Bug 1199955
Описание
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Затронутые продукты
Ссылки
- CVE-2021-2166
- SUSE Bug 1185870
- SUSE Bug 1199955
Описание
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Затронутые продукты
Ссылки
- CVE-2021-2180
- SUSE Bug 1185868
Описание
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Затронутые продукты
Ссылки
- CVE-2021-27928
- SUSE Bug 1183770