
SUSE: 2019:2330-1 Important: Remote Denial Of Service Fix for MariaDB

September 6, 2019
SUSE Security Update introduces patches for mariadb featuring significant modifications to mitigate remote denial of service vulnerabilities and related issues.
An update that solves three vulnerabilities and has one errata is now available.

Summary

This update for mariadb and mariadb-connector-c fixes the following issues:

mariadb:

- Update to version 10.2.25 (bsc#1136035)
- CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035).
- CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035).
- CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035).
- Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666).
- Adjusted mysql-systemd-helper ("shutdown protected MySQL" section) so that it checks both the ping response and the pid in the process list, because it can take some time until the process is terminated. Otherwise, a "found left-over process" situation can occur when the regular mariadb is started (bsc#1143215).
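The mysql-systemd-helper change described above comes down to treating the server as stopped only when it no longer answers ping and its process is gone. The sketch below is an added example, not code from mysql-systemd-helper or from SUSE; the function name `wait_for_shutdown`, the `PING_CMD` variable and the timeout argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the SUSE helper's code.
# Assumptions: PING_CMD is the liveness probe (default "mysqladmin ping"),
# and the caller passes the server pid, e.g. read from its pid file.

# wait_for_shutdown PID [TIMEOUT_SECONDS]
# Returns 0 once the server neither answers ping nor has a live process,
# 1 if that has not happened within TIMEOUT_SECONDS (default 60).
wait_for_shutdown() {
    pid=$1
    timeout=${2:-60}
    ping_cmd=${PING_CMD:-"mysqladmin ping"}
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        ping_alive=0
        pid_alive=0
        # Probe 1: does the server still answer on its socket/port?
        $ping_cmd >/dev/null 2>&1 && ping_alive=1
        # Probe 2: does the process still exist? kill -0 sends no signal;
        # run as root or as the server's user so a permission error is
        # not mistaken for a missing process.
        kill -0 "$pid" 2>/dev/null && pid_alive=1
        # Ping usually stops answering before the process has exited.
        # Starting the regular instance in that window is what produces
        # the "found left-over process" situation, so require both.
        if [ "$ping_alive" -eq 0 ] && [ "$pid_alive" -eq 0 ]; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}
```

A start script would call `wait_for_shutdown "$pid" 60` after requesting shutdown and start the regular instance only when it returns 0.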

References

#1126088 #1132666 #1136035 #1143215

Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud 9

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2019-2614.html

https://www.suse.com/security/cve/CVE-2019-2627.html

https://www.suse.com/security/cve/CVE-2019-2628.html

https://bugzilla.suse.com/1126088

https://bugzilla.suse.com/1132666

https://bugzilla.suse.com/1136035

https://bugzilla.suse.com/1143215

Severity
important

Announcement ID: SUSE-SU-2019:2330-1
Rating: important
