SUSE: 2020:0831-1 important: mariadb
Summary
This update for mariadb to version 10.2.31 GA fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388 and bsc#1156669). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). - Fixed a potental symlink attack (bsc#1160912). - Fixed a permissions issue in /var/lib/mysql (bsc#1077717). - Used systemd-tmpfiles for a cleaner and safer creation of /run/mysql (bsc#1160883). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-831=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): mariadb-10.2.31-16.1 mariadb-client-10.2.31-16.1 mariadb-client-debuginfo-10.2.31-16.1 mariadb-debuginfo-10.2.31-16.1 mariadb-debugsource-10.2.31-16.1 mariadb-tools-10.2.31-16.1 mariadb-tools-debuginfo-10.2.31-16.1 - SUSE OpenStack Cloud 7 (x86_64): mariadb-galera-10.2.31-16.1 - SUSE OpenStack Cloud 7 (noarch): mariadb-errormessages-10.2.31-16.1
References
#1077717 #1156669 #1160878 #1160883 #1160895
#1160912 #1162388
Cross- CVE-2019-18901 CVE-2019-2737 CVE-2019-2739
CVE-2019-2740 CVE-2019-2758 CVE-2019-2805
CVE-2019-2938 CVE-2019-2974 CVE-2020-2574
Affected Products:
SUSE OpenStack Cloud 7
https://www.suse.com/security/cve/CVE-2019-18901.html
https://www.suse.com/security/cve/CVE-2019-2737.html
https://www.suse.com/security/cve/CVE-2019-2739.html
https://www.suse.com/security/cve/CVE-2019-2740.html
https://www.suse.com/security/cve/CVE-2019-2758.html
https://www.suse.com/security/cve/CVE-2019-2805.html
https://www.suse.com/security/cve/CVE-2019-2938.html
https://www.suse.com/security/cve/CVE-2019-2974.html
https://www.suse.com/security/cve/CVE-2020-2574.html
https://bugzilla.suse.com/1077717
https://bugzilla.suse.com/1156669
https://bugzilla.suse.com/1160878
https://bugzilla.suse.com/1160883
https://bugzilla.suse.com/1160895
https://bugzilla.suse.com/1160912
https://bugzilla.suse.com/1162388