Mageia 7 Security Update: MGASA-2020-0072 Critical MariaDB DoS Risk
mageia
January 30, 2020
Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise ...
Summary
Updated MariaDB packages fix security vulnerabilities:
Difficult to exploit vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Client (CVE-2020-2574).
In addtion a new pam subpackge is provided which adds prebuilt
pam_user_map
For other fixes in this update, see the referenced release notes.
References
- https://bugs.mageia.org/show_bug.cgi?id=26142
- https://mariadb.com/docs/server/reference/plugins/authentication-plugins/authentication-with-pluggable-authentication-modules-pam/authentication-plugin-pam
- https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-3-series/mariadb-10322-release-notes
- https://www.cve.org/CVERecord?id=CVE-2020-2574
Resolution
SRPMS
- 7/core/mariadb-10.3.22-1.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 30 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0072.html
Type: security
CVE: CVE-2020-2574
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!