MGASA-2020-0072 - Updated mariadb packages fix security vulnerability

Publication date: 30 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0072.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-2574

Updated MariaDB packages fix security vulnerabilities:

Difficult to exploit vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Client (CVE-2020-2574).

In addtion a new pam subpackge is provided which adds prebuilt
pam_user_map

For other fixes in this update, see the referenced release notes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26142
- https://mariadb.com/kb/en/authentication-plugin-pam/
- https://mariadb.com/kb/en/mariadb-10322-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574

SRPMS:
- 7/core/mariadb-10.3.22-1.mga7