Mageia alert MGASA-2018-0139 (mariadb)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2018-0139: Updated mariadb packages fix security vulnerability | |
| Date: | Sun, 25 Feb 2018 00:26:08 +0100 | |
| Message-ID: | <20180224232608.AB9A09FD12@duvel.mageia.org> |
MGASA-2018-0139 - Updated mariadb packages fix security vulnerability Publication date: 24 Feb 2018 URL: https://advisories.mageia.org/MGASA-2018-0139.html Type: security Affected Mageia releases: 5 CVE: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2612 Description: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612). References: - https://bugs.mageia.org/show_bug.cgi?id=22608 - https://mariadb.com/kb/en/library/mariadb-10034-release-n... - http://www.oracle.com/technetwork/security-advisory/cpuja... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612 SRPMS: - 5/core/mariadb-10.0.34-1.mga5