SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1710-1
Rating:             moderate
References:         #1171550 
Cross-References:   CVE-2020-13249 CVE-2020-2752 CVE-2020-2760
                    CVE-2020-2812 CVE-2020-2814
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for mariadb fixes the following issues:

   mariadb was updated to version 10.2.32 (bsc#1171550)

   - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized
     ability to cause denial of service.
   - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized
     ability to cause denial of service.
   - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized
     ability to cause denial of service.
   - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized
     ability to cause denial of service.
   - CVE-2020-13249: Fixed an improper validation of the content of an OK
     packet received from a server.

   Release notes and changelog:

   - https://mariadb.com/kb/en/mariadb-10232-release-notes/
   - https://mariadb.com/kb/en/mariadb-10232-changelog/
   - Update to 10.2.32 GA [bsc#1171550]


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1710=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1710=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1710=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1710=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      mariadb-debuginfo-10.2.32-3.28.2
      mariadb-debugsource-10.2.32-3.28.2
      mariadb-galera-10.2.32-3.28.2

   - SUSE OpenStack Cloud 9 (x86_64):

      mariadb-debuginfo-10.2.32-3.28.2
      mariadb-debugsource-10.2.32-3.28.2
      mariadb-galera-10.2.32-3.28.2

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      mariadb-10.2.32-3.28.2
      mariadb-client-10.2.32-3.28.2
      mariadb-client-debuginfo-10.2.32-3.28.2
      mariadb-debuginfo-10.2.32-3.28.2
      mariadb-debugsource-10.2.32-3.28.2
      mariadb-tools-10.2.32-3.28.2
      mariadb-tools-debuginfo-10.2.32-3.28.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      mariadb-errormessages-10.2.32-3.28.2

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      mariadb-10.2.32-3.28.2
      mariadb-client-10.2.32-3.28.2
      mariadb-client-debuginfo-10.2.32-3.28.2
      mariadb-debuginfo-10.2.32-3.28.2
      mariadb-debugsource-10.2.32-3.28.2
      mariadb-tools-10.2.32-3.28.2
      mariadb-tools-debuginfo-10.2.32-3.28.2

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      mariadb-errormessages-10.2.32-3.28.2


References:

   https://www.suse.com/security/cve/CVE-2020-13249.html
   https://www.suse.com/security/cve/CVE-2020-2752.html
   https://www.suse.com/security/cve/CVE-2020-2760.html
   https://www.suse.com/security/cve/CVE-2020-2812.html
   https://www.suse.com/security/cve/CVE-2020-2814.html
   https://bugzilla.suse.com/1171550

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:1710-1 moderate: mariadb

June 23, 2020
An update that fixes 5 vulnerabilities is now available

Summary

This update for mariadb fixes the following issues: mariadb was updated to version 10.2.32 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server. Release notes and changelog: - https://mariadb.com/kb/en/mariadb-10232-release-notes/ - https://mariadb.com/kb/en/mariadb-10232-changelog/ - Update to 10.2.32 GA [bsc#1171550] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1710=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1710=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1710=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1710=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-debuginfo-10.2.32-3.28.2 mariadb-debugsource-10.2.32-3.28.2 mariadb-galera-10.2.32-3.28.2 - SUSE OpenStack Cloud 9 (x86_64): mariadb-debuginfo-10.2.32-3.28.2 mariadb-debugsource-10.2.32-3.28.2 mariadb-galera-10.2.32-3.28.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mariadb-10.2.32-3.28.2 mariadb-client-10.2.32-3.28.2 mariadb-client-debuginfo-10.2.32-3.28.2 mariadb-debuginfo-10.2.32-3.28.2 mariadb-debugsource-10.2.32-3.28.2 mariadb-tools-10.2.32-3.28.2 mariadb-tools-debuginfo-10.2.32-3.28.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): mariadb-errormessages-10.2.32-3.28.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): mariadb-10.2.32-3.28.2 mariadb-client-10.2.32-3.28.2 mariadb-client-debuginfo-10.2.32-3.28.2 mariadb-debuginfo-10.2.32-3.28.2 mariadb-debugsource-10.2.32-3.28.2 mariadb-tools-10.2.32-3.28.2 mariadb-tools-debuginfo-10.2.32-3.28.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): mariadb-errormessages-10.2.32-3.28.2

References

#1171550

Cross- CVE-2020-13249 CVE-2020-2752 CVE-2020-2760

CVE-2020-2812 CVE-2020-2814

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud 9

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

https://www.suse.com/security/cve/CVE-2020-13249.html

https://www.suse.com/security/cve/CVE-2020-2752.html

https://www.suse.com/security/cve/CVE-2020-2760.html

https://www.suse.com/security/cve/CVE-2020-2812.html

https://www.suse.com/security/cve/CVE-2020-2814.html

https://bugzilla.suse.com/1171550

Severity
Announcement ID: SUSE-SU-2020:1710-1
Rating: moderate

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved