SUSE: 2020:0831-1 important: mariadb

    Date 31 Mar 2020
    Posted By LinuxSecurity Advisories
    An update that fixes 9 vulnerabilities is now available.
    
       SUSE Security Update: Security update for mariadb
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:0831-1
    Rating:             important
    References:         #1077717 #1156669 #1160878 #1160883 #1160895 
                        #1160912 #1162388 
    Cross-References:   CVE-2019-18901 CVE-2019-2737 CVE-2019-2739
                        CVE-2019-2740 CVE-2019-2758 CVE-2019-2805
                        CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
                       
    Affected Products:
                        SUSE OpenStack Cloud 7
    ______________________________________________________________________________
    
       An update that fixes 9 vulnerabilities is now available.
    
    Description:
    
       This update for mariadb to version 10.2.31 GA fixes the following issues:
    
       MariaDB was updated to version 10.2.31 GA (bsc#1162388 and bsc#1156669).
    
       Security issues fixed:
    
       - CVE-2020-2574: Fixed a difficult-to-exploit vulnerability that allowed
         an attacker to crash the client (bsc#1162388).
       - CVE-2019-18901: Fixed unsafe path handling in
         mysql-systemd-helper (bsc#1160895).
       - CVE-2019-2737: Fixed an issue that could allow a remote attacker to
         cause a denial of service.
       - CVE-2019-2938: Fixed an issue that could allow a remote attacker to
         cause a denial of service.
       - CVE-2019-2740: Fixed an issue that could allow a local attacker to
         cause a denial of service.
       - CVE-2019-2805: Fixed an issue that could allow a local attacker to
         cause a denial of service.
       - CVE-2019-2974: Fixed an issue that could allow a remote attacker to
         cause a denial of service.
       - CVE-2019-2758: Fixed an issue that could allow a local attacker to
         cause a denial of service or data corruption.
       - CVE-2019-2739: Fixed an issue that could allow a local attacker to
         cause a denial of service or data corruption.
       - Enabled security hardenings in MariaDB's systemd service, namely
         ProtectSystem, ProtectHome and UMask (bsc#1160878).
       - Fixed a potential symlink attack (bsc#1160912).
       - Fixed a permissions issue in /var/lib/mysql (bsc#1077717).
       - Used systemd-tmpfiles for a cleaner and safer creation of /run/mysql
         (bsc#1160883).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2020-831=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
    
          mariadb-10.2.31-16.1
          mariadb-client-10.2.31-16.1
          mariadb-client-debuginfo-10.2.31-16.1
          mariadb-debuginfo-10.2.31-16.1
          mariadb-debugsource-10.2.31-16.1
          mariadb-tools-10.2.31-16.1
          mariadb-tools-debuginfo-10.2.31-16.1
    
       - SUSE OpenStack Cloud 7 (x86_64):
    
          mariadb-galera-10.2.31-16.1
    
       - SUSE OpenStack Cloud 7 (noarch):
    
          mariadb-errormessages-10.2.31-16.1
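
Added example (not part of the SUSE advisory): a post-update check that flags mariadb packages still older than the fixed 10.2.31-16.1 and reports whether the ProtectSystem, ProtectHome and UMask hardening named above is in effect. The unit name mysql.service, the sample input and the "left at systemd default" test are assumptions; the advisory does not state the values SUSE sets.

```shell
#!/bin/sh
# Added example: post-update checks for SUSE-SU-2020:0831-1.
FIXED="10.2.31-16.1"   # version-release from the advisory's package list

# stdin: "name version-release" lines, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'mariadb*'
# stdout: packages still older than $FIXED.
# sort -V only approximates RPM version ordering; adequate for these strings.
stale_packages() {
    while read -r name ver; do
        [ -n "$ver" ] || continue
        lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
        if [ "$ver" != "$FIXED" ] && [ "$lowest" = "$ver" ]; then
            echo "$name $ver"
        fi
    done
    return 0
}

# stdin: Key=Value lines, e.g. from (unit name is an assumption)
#   systemctl show mysql.service -p ProtectSystem -p ProtectHome -p UMask
# stdout: directives missing or still at the systemd default (no, no, 0022).
unhardened_directives() {
    seen=""
    while IFS='=' read -r key val; do
        case "$key" in
            ProtectSystem|ProtectHome|UMask) seen="$seen $key" ;;
        esac
        case "$key=$val" in
            ProtectSystem=no|ProtectHome=no|UMask=0022) echo "$key=$val" ;;
        esac
    done
    for k in ProtectSystem ProtectHome UMask; do
        case " $seen " in
            *" $k "*) ;;
            *) echo "$k=<missing>" ;;
        esac
    done
    return 0
}

# Constructed sample input (not captured from a real host).
printf '%s\n' 'mariadb 10.2.25-3.19.1' 'mariadb-client 10.2.31-16.1' |
    stale_packages
printf '%s\n' 'ProtectSystem=full' 'ProtectHome=no' 'UMask=0007' |
    unhardened_directives
```

Empty output from both functions means every listed package is at or above the fixed version and all three directives are set to non-default values.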
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-18901.html
       https://www.suse.com/security/cve/CVE-2019-2737.html
       https://www.suse.com/security/cve/CVE-2019-2739.html
       https://www.suse.com/security/cve/CVE-2019-2740.html
       https://www.suse.com/security/cve/CVE-2019-2758.html
       https://www.suse.com/security/cve/CVE-2019-2805.html
       https://www.suse.com/security/cve/CVE-2019-2938.html
       https://www.suse.com/security/cve/CVE-2019-2974.html
       https://www.suse.com/security/cve/CVE-2020-2574.html
       https://bugzilla.suse.com/1077717
       https://bugzilla.suse.com/1156669
       https://bugzilla.suse.com/1160878
       https://bugzilla.suse.com/1160883
       https://bugzilla.suse.com/1160895
       https://bugzilla.suse.com/1160912
       https://bugzilla.suse.com/1162388
    
    _______________________________________________
    sle-security-updates mailing list
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    
