mariadb-5.5.65-1.0.1.el7.AXS7

エラータID: AXSA:2020-4710:01

Release date: 
Friday, April 17, 2020 - 03:41
Subject: 
mariadb-5.5.65-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.65).

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Solution: 

Update packages.

CVEs: 
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Additional Info: 

N/A

Download: 

SRPMS
  1. mariadb-5.5.65-1.0.1.el7.AXS7.src.rpm
    MD5: c4b660bd23f3584a02ec64238e29dfc1
    SHA-256: bace18dccaa1b9a80bca6fca09d4732af87bb79e78b519e1932b0dc34261cfd1
    Size: 39.16 MB

Asianux Server 7 for x86_64
  1. mariadb-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: aded88622881ae9827315603b96f8fb8
    SHA-256: 3064e870418368559b8aae3e3d2e02f4acf2e11878b4f61cd1853cf1f7120884
    Size: 8.73 MB
  2. mariadb-bench-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 9ec95da68d91b888f32671f7b68de58b
    SHA-256: 1692b52569e7be7079611626cf363c7303a86a801fff2560a5f4738a3c41557e
    Size: 387.96 kB
  3. mariadb-devel-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 5e4d4216722ecdfdb613a6028c3f3c5f
    SHA-256: a2eefda1202b3b3a9e499e33b815c3804718a7dc411633faf5d12e4d0ccc9c97
    Size: 755.44 kB
  4. mariadb-libs-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 2da40b394d4b8dc65f0ea3e00fa74de6
    SHA-256: 1a224ea1ec496c026e06a8813e6a4e4551b10875d017b1ddba4b8cc48b25fd24
    Size: 758.44 kB
  5. mariadb-server-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: da757defc68048c4c1a91e57caab8f4c
    SHA-256: 3794bdeab208f166049bb1c5cf206b44c6ffee39b35b9c1a1dbb6ca11704ba44
    Size: 10.79 MB
  6. mariadb-test-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
    MD5: d9e088a001f6bbe5d8089129540810ff
    SHA-256: 35c6aec188df8577bf2ce14c9ff3de6de291616b13b180fd99f3d83e213914ed
    Size: 8.15 MB
  7. mariadb-devel-5.5.65-1.0.1.el7.AXS7.i686.rpm
    MD5: dcccbb773817f76b4278537cf9b68a7e
    SHA-256: 4c92e2b6ad08351ba39d0ad73cc9a019e3c24f9c55d049d5d0053baf32621803
    Size: 755.48 kB
  8. mariadb-libs-5.5.65-1.0.1.el7.AXS7.i686.rpm
    MD5: df19d9a20adf67074668dafdd8dd1c40
    SHA-256: d92e5327eb8a52a11fadabb947b0af2cf240a991457d84e4623f3e0bfbf1a73f
    Size: 758.35 kB