Mageia 2019-0224: mariadb security update
Summary
Updated mariadb packages fix security vulnerabilities:
An easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise mariadb server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
(CVE-2019-2737).
An easily exploitable vulnerability allows high privileged attacker with
logon to the infrastructure where mariadb server executes to compromise
mariadb server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of mariadb server as well as unauthorized update, insert
or delete access to some of mariadb server accessible data (CVE-2019-2739).
An easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise mariadb server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of mariadb
server (CVE-2019-2740).
An easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise mariadb server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of mariadb
server as well as unauthorized update, insert or delete access to some of
mariadb server accessible data (CVE-2019-2758).
An easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise mariadb server.
Successful attacks of this vulnerability can result in unauthorized ability
to cause a hang or frequently repeatable crash (complete DOS) of mariadb
server (CVE-2019-2805).
This update also fixes issues with FULLTEXT INDEX, Encrypted temporary
tables, Indexed virtual columns, Recovery & Mariabackup.
References
- https://bugs.mageia.org/show_bug.cgi?id=25210
- https://mariadb.com/kb/en/mariadb-10317-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2737
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2740
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2805
Resolution
MGASA-2019-0224 - Updated mariadb packages fix security vulnerabilities
SRPMS
- 7/core/mariadb-10.3.17-1.mga7
- 6/core/mariadb-10.1.41-1.mga6