mariadb-connector-c-3.1.11-2.el8

エラータID: AXSA:2021-1464:01

Release date: 
Friday, February 12, 2021 - 07:54
Subject: 
mariadb-connector-c-3.1.11-2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases.

The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11).

Security Fix(es):

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Code utilizing plugins can't be compiled properly

* Add "zlib-devel" requirement in "-devel" subpackage

* Replace hard-coded /usr with %{_prefix}

CVE-2020-13249
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mariadb-connector-c-3.1.11-2.el8.src.rpm
    MD5: 7f59a1104b8d50355e9abfec647527c4
    SHA-256: 409f9b7542424ed3145968ffe0199906f37ea64e6e60409896898b189a1d2342
    Size: 751.58 kB

Asianux Server 8 for x86_64
  1. mariadb-connector-c-3.1.11-2.el8.x86_64.rpm
    MD5: 73b10c6c171560683afcabdd98661940
    SHA-256: 6668be31906b1e487efc9e08f71ba150e0567a2da7f97ef80d841bd77e8c3a52
    Size: 198.93 kB
  2. mariadb-connector-c-config-3.1.11-2.el8.noarch.rpm
    MD5: 4a39a63c0d94a9e355bc2fc158735e94
    SHA-256: 27c3a256e9e65515c3fa05551beae7e92ac7d2357bfd2bb2ab9007538f08be86
    Size: 13.49 kB
  3. mariadb-connector-c-devel-3.1.11-2.el8.x86_64.rpm
    MD5: f0204782f137a882bd1d2ef5ea5373d3
    SHA-256: 9f33af3403f818339f0f4a0d9a4e8202a538df8932ced52db2393cb348ba8d96
    Size: 67.12 kB
  4. mariadb-connector-c-3.1.11-2.el8.i686.rpm
    MD5: 1604882e9d934b3110af407f17fa1b72
    SHA-256: 01b418602a83ec234c368b2f20cfd77ba2063f1c7be915987717122a84c1aaca
    Size: 211.15 kB
  5. mariadb-connector-c-devel-3.1.11-2.el8.i686.rpm
    MD5: c726a4f92360f187a32036066598c42d
    SHA-256: 2f1346a4b872fdaf0446dccfad888f445edcf1bd3a73e88e821542d7d61ed746
    Size: 67.20 kB