Advisories » MGASA-2017-0096

Updated mariadb packages fix security vulnerability

Publication date: 31 Mar 2017
Modification date: 31 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-3302 , CVE-2017-3313

Description

Crash in libmysqlclient.so in MariaDB 10.0.x through 10.0.29
(CVE-2017-3302).

Vulnerability in the MariaDB Server component of MariaDB (subcomponent:
Server: MyISAM). Difficult to exploit vulnerability allows low privileged
attacker with logon to the infrastructure where MariaDB Server executes to
compromise MariaDB Server. Successful attacks of this vulnerability can
result in unauthorized access to critical data or complete access to all
MariaDB Server accessible data (CVE-2017-3313).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20487
• https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/
• https://www.debian.org/security/2017/dsa-3809
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313

SRPMS

5/core

• mariadb-10.0.30-1.mga5