Updated mariadb packages fix security vulnerability
Publication date: 24 Feb 2018Modification date: 24 Feb 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2018-2562 , CVE-2018-2622 , CVE-2018-2640 , CVE-2018-2665 , CVE-2018-2668 , CVE-2018-2612
Description
Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Partition). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data (CVE-2018-2562). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2622). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2640). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2665). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2668). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: InnoDB). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2018-2612).
References
- https://bugs.mageia.org/show_bug.cgi?id=22608
- https://mariadb.com/kb/en/library/mariadb-10034-release-notes/
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
SRPMS
5/core
- mariadb-10.0.34-1.mga5