mariadb-5.5.68-1.el7

Errata ID: AXSA:2020-660:02

Release date: Friday, October 9, 2020 - 17:27
Subject: mariadb-5.5.68-1.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.68).

Security Fix(es):

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)

* mysql: C API: unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2019-2974
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2780
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2812
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mariadb-5.5.68-1.el7.src.rpm
    MD5: 97b0ab94f48b2a51a509ad6dd3ced73a
    SHA-256: 7ac005e8de869757f6ff7afdc6f66ad9781c4708f2e6da869894604337ae207a
    Size: 39.17 MB

Asianux Server 7 for x86_64
  1. mariadb-5.5.68-1.el7.x86_64.rpm
    MD5: a2ecf2659ea40cb510f2634464c67ca0
    SHA-256: 2004f12df78ffaafc0aefe107733791a9016eff468fea53d060b6f238ab50c60
    Size: 8.74 MB
  2. mariadb-bench-5.5.68-1.el7.x86_64.rpm
    MD5: 8876fc634c252ad9d58afe47c15d822f
    SHA-256: 1aa300dc30aa7c6d83b6dfc37751ff2663f99a1ba35e1b88d6c7b5e28a2ff1b6
    Size: 388.34 kB
  3. mariadb-devel-5.5.68-1.el7.x86_64.rpm
    MD5: 8c92351cdb16643e9ea5848e5f62b7f8
    SHA-256: fa0671e6df611ef3ba6c51771082bfa3de4e60457c041a7d382ee2ef0bd2ac62
    Size: 756.11 kB
  4. mariadb-libs-5.5.68-1.el7.x86_64.rpm
    MD5: 8998ffe24108030174832d5cbedae150
    SHA-256: de5ef1d923adb02f69842dcfa035e7147fabdc9516831df8bb25d9d994b8621e
    Size: 759.12 kB
  5. mariadb-server-5.5.68-1.el7.x86_64.rpm
    MD5: 17e2470eb7359b310561c07932fdbb96
    SHA-256: 3cb44865ee20f26714560f33e8ff41d83b95b7817335097395c5aa9eaf0d3b60
    Size: 10.79 MB
  6. mariadb-test-5.5.68-1.el7.x86_64.rpm
    MD5: 2def35d04f5f0df32c75c6bba561b839
    SHA-256: 065c0f07cd38ea5b54dcd1deae331bc745d4aaefe4ee7d9135e5013112e22550
    Size: 8.16 MB
  7. mariadb-devel-5.5.68-1.el7.i686.rpm
    MD5: 0225eae3190fb3f41392841e9f0b4c1a
    SHA-256: 83eba7efc219b0ae3759b7a28e9ae6dcd7fa38ddd1ff471fbf74dece9d4fc99a
    Size: 756.14 kB
  8. mariadb-libs-5.5.68-1.el7.i686.rpm
    MD5: f4a0498bfa2340ffab1931073c2a4776
    SHA-256: e1a274f215845e8a0e13dafad87c484bd0a6bcce4f21b3e566cfa037686542ff
    Size: 758.93 kB