Advisories » MGASA-2020-0072

Updated mariadb packages fix security vulnerability

Publication date: 30 Jan 2020
Modification date: 30 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-2574

Description

Updated MariaDB packages fix security vulnerabilities:

Difficult to exploit vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Client (CVE-2020-2574).

In addtion a new pam subpackge is provided which adds prebuilt
pam_user_map

For other fixes in this update, see the referenced release notes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26142
• https://mariadb.com/kb/en/authentication-plugin-pam/
• https://mariadb.com/kb/en/mariadb-10322-release-notes/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2574

SRPMS

7/core

• mariadb-10.3.22-1.mga7