Executive Summary

Summary
Title mariadb:10.3 security and bug fix update
Informations
Name RHSA-2019:3708 First vendor Publication 2019-11-05
Vendor RedHat Last vendor Modification 2019-11-05
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:P)
Cvss Base Score 5.5 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358)

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1657220 - Rebase to 25.3.26 1659920 - Fix security flags in ELF files 1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019) 1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) 1686818 - Altering table's column used in primary key causes data corruption 1687879 - Cannot join a cluster any more when using IPv6 in gmcast.listen_addr 1693245 - SELinux: mariadb-server-galera 1702707 - Invalid License tag 1702709 - Investigate: "Gaps were detected in the annobin coverage" 1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) 1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) 1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019) 1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) 1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) 1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019) 1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019) 1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-3708.html

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 161
Application 2
Application 1
Application 19
Application 1
Application 1
Application 1
Application 472
Os 6
Os 1
Os 2
Os 2
Os 1
Os 2
Os 4
Os 2
Os 3
Os 3
Os 2

Nessus® Vulnerability Scanner

Date Description
2019-01-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_43.nasl - Type : ACT_GATHER_INFO
2019-01-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_7_25.nasl - Type : ACT_GATHER_INFO
2019-01-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_8_0_14.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-03-19 13:19:32
  • First insertion