Mageia 2020-0284: mariadb security update

    Date 07 Jul 2020
    190
    Posted By LinuxSecurity Advisories
    Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Client product of MariaDB (component: C API) Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client.
    MGASA-2020-0284 - Updated mariadb packages fix security vulnerability
    
    Publication date: 07 Jul 2020
    URL: https://advisories.mageia.org/MGASA-2020-0284.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-2752,
         CVE-2020-2760,
         CVE-2020-2812,
         CVE-2020-2814
    
    Updated mariadb packages fix security vulnerabilities:
    
    Vulnerability in the MariaDB Client product of MariaDB (component: C API)
    Difficult to exploit vulnerability allows low privileged attacker with
    network access via multiple protocols to compromise MariaDB Client.
    Successful attacks of this vulnerability can result in unauthorized ability
    to cause a hang or frequently repeatable crash (complete DOS) of MariaDB
    Client (CVE-2020-2752).
    
    Vulnerability in the MariaDB Server product of MariaDB (component: InnoDB).
    Easily exploitable vulnerability allows high privileged attacker with network
    access via multiple protocols to compromise MariaDB Server. Successful attacks
    of this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of MariaDB Server as well as
    unauthorized update, insert or delete access to some of MariaDB Server
    accessible data (CVE-2020-2760).
    
    Vulnerability in the MariaDB Server product of MariaDB (component: Server:
    Stored Procedure). Easily exploitable vulnerability allows high privileged
    attacker with network access via multiple protocols to compromise MariaDB
    Server. Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of
    MariaDB Server (CVE-2020-2812).
    
    Vulnerability in the MariaDB Server product of MariaDB (component: InnoDB).
    Easily exploitable vulnerability allows high privileged attacker with network
    access via multiple protocols to compromise MariaDB Server. Successful attacks
    of this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2020-2814).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=26818
    - https://mariadb.com/kb/en/mariadb-10323-release-notes/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2752
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2760
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2812
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2814
    
    SRPMS:
    - 7/core/mariadb-10.3.23-1.mga7
    

    LinuxSecurity Poll

    Are you planning to use the 1Password password manager now that it is available to Linux users?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/35-are-you-planning-to-use-the-1password-password-manager-now-that-it-is-available-to-linux-users?task=poll.vote&format=json
    35
    radio
    [{"id":"122","title":"Yes","votes":"1","type":"x","order":"1","pct":25,"resources":[]},{"id":"123","title":"No ","votes":"2","type":"x","order":"2","pct":50,"resources":[]},{"id":"124","title":"Not sure at the moment","votes":"1","type":"x","order":"3","pct":25,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.