Updated mariadb packages fix security vulnerabilities
Publication date: 21 Dec 2017Modification date: 21 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10268 , CVE-2017-10378
Description
Difficult to exploit vulnerability in MariaDB Server allows high
privileged attacker with logon to the infrastructure where MariaDB
Server executes to compromise MariaDB Server. Successful attacks of this
vulnerability can result in unauthorized access to critical data or
complete access to all MariaDB Server accessible data (CVE-2017-10268).
Easily exploitable vulnerability in MariaDB Server allows low privileged
attacker with network access via multiple protocols to compromise
MariaDB Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MariaDB Server (CVE-2017-10378).
References
- https://bugs.mageia.org/show_bug.cgi?id=22206
- https://mariadb.com/kb/en/library/mariadb-10033-release-notes/
- https://mariadb.com/kb/en/library/mariadb-10129-release-notes/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
SRPMS
6/core
- mariadb-10.1.29-2.mga6
5/core
- mariadb-10.0.33-2.mga5