Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorymoderatesecurity issueRed Hat Enterprise Linux 8: RHSA-2020-5503-01 Moderate: MariaDB Issues
An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: mariadb-connector-c security, bug fix, and enhancement update Advisory ID: RHSA-2020:5503-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5503 Issue date: 2020-12-15 CVE Names: CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-13249 ==================================================================== 1. Summary: An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993) Security Fix(es): * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922) * mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249) * mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and otherrelated information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Code utilizing plugins can't be compiled properly (BZ#1899001) * Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899005) * Replace hard-coded /usr with %{_prefix} (BZ#1899099) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020) 1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020) 1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020) 1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server 1898993 - Tracker: MariaDB Connector C rebase to the latest version (3.1.11) [rhel-8.3.0.z] 1899001 - Code utilizing plugins can´t be compiled properly [rhel-8.3.0.z] 1899099 - Replace hard-coded /usr with %{_prefix} [rhel-8.3.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: mariadb-connector-c-3.1.11-2.el8_3.src.rpm aarch64: mariadb-connector-c-3.1.11-2.el8_3.aarch64.rpm mariadb-connector-c-debuginfo-3.1.11-2.el8_3.aarch64.rpm mariadb-connector-c-debugsource-3.1.11-2.el8_3.aarch64.rpm mariadb-connector-c-devel-3.1.11-2.el8_3.aarch64.rpm mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.aarch64.rpm noarch: mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm ppc64le: mariadb-connector-c-3.1.11-2.el8_3.ppc64le.rpm mariadb-connector-c-debuginfo-3.1.11-2.el8_3.ppc64le.rpm mariadb-connector-c-debugsource-3.1.11-2.el8_3.ppc64le.rpm mariadb-connector-c-devel-3.1.11-2.el8_3.ppc64le.rpm mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.ppc64le.rpm s390x: mariadb-connector-c-3.1.11-2.el8_3.s390x.rpm mariadb-connector-c-debuginfo-3.1.11-2.el8_3.s390x.rpm mariadb-connector-c-debugsource-3.1.11-2.el8_3.s390x.rpm mariadb-connector-c-devel-3.1.11-2.el8_3.s390x.rpm mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.s390x.rpm x86_64: mariadb-connector-c-3.1.11-2.el8_3.i686.rpm mariadb-connector-c-3.1.11-2.el8_3.x86_64.rpm mariadb-connector-c-debuginfo-3.1.11-2.el8_3.i686.rpm mariadb-connector-c-debuginfo-3.1.11-2.el8_3.x86_64.rpm mariadb-connector-c-debugsource-3.1.11-2.el8_3.i686.rpm mariadb-connector-c-debugsource-3.1.11-2.el8_3.x86_64.rpm mariadb-connector-c-devel-3.1.11-2.el8_3.i686.rpm mariadb-connector-c-devel-3.1.11-2.el8_3.x86_64.rpm mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.i686.rpm mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . Morecontact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9jwKtzjgjWX9erEAQjAMw//UpGqK/JimRYs0swG6HpxmaGGLzBJEWWT AHg98v9uorvqh7hHOKSb2fXwtTTixXi4HLCtVfk41ud2vRQ4/JVZQY4CmtuXp7r2 1MkGHOuwCgzPX2D7QactwR43oakCYeK784qal+BY77eRi5y6wNLr+75tup5twsPU yJ+hc/ZY2zlcbkFuXR1Bdsv/Z16cHHJjiRfbLm0JhPTeyx96V17leE1EY02pzwbx Ekv5M5jpGaSD7XkW//qmyH8EY4+0m5Aepa4aHBrcJ/XJ5rASztpBiqusS3kNeeQm WM5h84NUgCxm7RMQZoflkfw5YoGyLzkIPN6lbkgnDA/8NvoKJaQHZv6NQy9cLGq/ USq4+QF+o/Cvdtvl03Mp4CB7zq8daGZ6Y6jab97J0txViIFUNmNiRZc5gtLk/fEt FA6ytz0E+A9algZD9hraagha5IVjIo+G3syFFuxU7L9fJwPKavujwIIFESa15Rga Br44EXnV/teBNCxYwEpaqImJn/Dhn16DrXHafKlgK2+6sWtvFcFluMyYHpEBzfAp qoqdHGIjLCgP8St6oCQQaULMAGXGSJ2h9BvWIdZ7iwEFejXY/IyszKyuUa63rDKx AIKc2JsFCoE+7/PAJExzFfYJyzfQxSXvWJhwtNJMBVt95dsH8wK+AKkU+1waNBEi e3jE/WZ+tcg=lwbG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 15, 2020
Red Hat
89
security advisoryupdateFedoraFedora 31: Security Update for MariaDB Connector C Critical Flaws
**MariaDB 10.3.26** **MariaDB connector C/C++ 3.1.11** **Galera 25.3.26** Release notes: https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-3-series/mariadb-10326-release-notes https://mariadb.com/docs/release-notes/connectors/c/3.1/3.1.11 ---- **MariaDB 10.3.25** Release notes: https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-3-series/mariadb-10325-release-notes. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-ac2d47d89a 2020-11-11 01:31:11.923446 --------------------------------------------------------------------------------Name : mariadb-connector-c Product : Fedora 31 Version : 3.1.11 Release : 1.fc31 URL : http://mariadb.org/ Summary : The MariaDB Native Client library (C driver) Description : The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. --------------------------------------------------------------------------------Update Information: **MariaDB 10.3.26** **MariaDB connector C/C++ 3.1.11** **Galera 25.3.26** Release notes: https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-3-series/mariadb-10326-release-notes https://mariadb.com/docs/release-notes/connectors/c/3.1/3.1.11 ----**MariaDB 10.3.25** Release notes: https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-3-series/mariadb-10325-release-notes --------------------------------------------------------------------------------ChangeLog: * Wed Nov 4 2020 Michal Schorm - 3.1.11-1 - Rebase to 3.1.11 --------------------------------------------------------------------------------References: [ 1 ] Bug #1830119 - CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 mariadb:10.3/mariadb: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1830119 [ 2 ] Bug #1843796 - CVE-2020-13249 mariadb:10.3/mariadb: mariadb-connector-c: Improper validation of content in a OK packet received from server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1843796 [ 3 ] Bug #1846527 - CVE-2020-2780 mariadb:10.3/mariadb: mysql: Server: DML unspecified vulnerability (CPU Apr 2020) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1846527 [ 4 ] Bug #1894078 - CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 mariadb: various flaws [fedora-31] https://bugzilla.redhat.com/show_bug.cgi?id=1894078 [ 5 ] Bug #1894663 - mariadb-connector-c-3.1.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1894663 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-ac2d47d89a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 10, 2020
•Critical
Fedora
202
security advisoryimportantopenSUSEopenSUSE 15.1: 2019:1913-1 Important: MariaDB Denial Of Service
An update that fixes three vulnerabilities is now available.. openSUSE Security Update: Security update for mariadb, mariadb-connector-c ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1913-1 Rating: important References: #1126088 #1132666 #1136035 Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666) mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1913=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libmariadb-devel-3.1.2-lp151.3.3.1 libmariadb-devel-debuginfo-3.1.2-lp151.3.3.1 libmariadb3-3.1.2-lp151.3.3.1 libmariadb3-debuginfo-3.1.2-lp151.3.3.1 libmariadb_plugins-3.1.2-lp151.3.3.1 libmariadb_plugins-debuginfo-3.1.2-lp151.3.3.1 libmariadbprivate-3.1.2-lp151.3.3.1 libmariadbprivate-debuginfo-3.1.2-lp151.3.3.1 libmysqld-devel-10.2.25-lp151.2.3.1 libmysqld19-10.2.25-lp151.2.3.1 libmysqld19-debuginfo-10.2.25-lp151.2.3.1 mariadb-10.2.25-lp151.2.3.1 mariadb-bench-10.2.25-lp151.2.3.1 mariadb-bench-debuginfo-10.2.25-lp151.2.3.1 mariadb-client-10.2.25-lp151.2.3.1 mariadb-client-debuginfo-10.2.25-lp151.2.3.1 mariadb-connector-c-debugsource-3.1.2-lp151.3.3.1 mariadb-debuginfo-10.2.25-lp151.2.3.1 mariadb-debugsource-10.2.25-lp151.2.3.1 mariadb-galera-10.2.25-lp151.2.3.1 mariadb-test-10.2.25-lp151.2.3.1 mariadb-test-debuginfo-10.2.25-lp151.2.3.1 mariadb-tools-10.2.25-lp151.2.3.1 mariadb-tools-debuginfo-10.2.25-lp151.2.3.1 - openSUSE Leap 15.1 (noarch): mariadb-errormessages-10.2.25-lp151.2.3.1 - openSUSE Leap 15.1 (x86_64): libmariadb3-32bit-3.1.2-lp151.3.3.1 libmariadb3-32bit-debuginfo-3.1.2-lp151.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2628.html https://bugzilla.suse.com/1126088 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136035 -- . A crucial announcement for Fedora addresses several vulnerabilities in PostgreSQL and its interface, presenting critical risks of service interruptions.. SUSE Update, mariadb security, openSUSE advisory, denial of service, database security. . Severity: Important. LinuxSecurity.com Team
Aug 15, 2019
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!