mariadb-5.5.64-1.el7
エラータID: AXSA:2019-4127:01
リリース日:
2019/08/20 Tuesday - 03:12
題名:
mariadb-5.5.64-1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- MyISAM サブコンポーネントには、複数のプロトコルによるネットワークアクセスを
介した低い権限の攻撃者が、MySQL サーバーがアクセス可能な一部のデータに
対して、更新、挿入、削除を行なうことができる、悪用容易な脆弱性があります。
(CVE-2018-3058)
- Server: Security: Privileges サブコンポーネントには、複数のプロトコルによる
ネットワークアクセスを介した高い権限の攻撃者が、完全なサービス拒否(ハングや
継続的なクラッシュ)を引き起こすことのできる、悪用容易な脆弱性があります。
(CVE-2018-3063)
- Server: Options サブコンポーネントには、複数のプロトコルによるネット
ワークアクセスを介した高い権限の攻撃者が、サーバーがアクセス可能な
一部のデータに対し、読取、更新、挿入、削除ができる、悪用困難な脆弱性が
あります。(CVE-2018-3066)
- Client プログラムサブコンポーネントには、複数のプロトコルによるネット
ワークアクセスを介した高い権限の攻撃者が、クライアントがアクセス可能な
一部のデータに対する更新、挿入、削除を行なうことができる、あるいは、
完全なサービス拒否(ハングや継続的なクラッシュ)を引き起こすことのできる、
悪用困難な脆弱性があります。(CVE-2018-3081)
- Server: Storage Engines サブコンポーネントには、複数のプロトコルによる
ネットワークアクセスを介した高い権限の攻撃者が、完全なサービス拒否
(ハングや継続的なクラッシュ)を引き起こすことのできる、悪用容易な脆弱性が
あります。(CVE-2018-3282)
- Server: Connection Handling サブコンポーネントには、MySQL サーバーが
実行されているコンピューターの物理通信セグメントへアクセスできる低い権限の
攻撃者が、機密情報や MySQL サーバーがアクセスできる全てのデータにアクセス
できる、あるいは、完全なサービス拒否(ハングや継続的なクラッシュ)を引き起こす
ことのできる、悪用困難な脆弱性があります。(CVE-2019-2503)
- Server: Optimizer サブコンポーネントには、複数のプロトコルによるネットワーク
アクセスを介した低い権限の攻撃者が、完全なサービス拒否(ハングや継続的な
クラッシュ)を引き起こすことのできる、悪用容易な脆弱性があります。
(CVE-2019-2529)
- Server: Replication サブコンポーネントには、複数のプロトコルによる
ネットワークアクセスを介した高い権限の攻撃者が、完全なサービス拒否
(ハングや継続的なクラッシュ)を引き起こすことのできる、悪用困難な
脆弱性があります。(CVE-2019-2614)
- Server: Security: Privileges サブコンポーネントには、複数のプロトコルによる
ネットワークアクセスを介した高い権限の攻撃者が、完全なサービス拒否
(ハングや継続的なクラッシュ)を引き起こすことのできる、悪用容易な
脆弱性があります。(CVE-2019-2627)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-3058
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2018-3063
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3066
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-3081
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3282
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2503
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
CVE-2019-2529
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2614
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
追加情報:
N/A
ダウンロード:
SRPMS
- mariadb-5.5.64-1.el7.src.rpm
MD5: 096c38cb4be62e26cf97a7984ba879bd
SHA-256: ed58022a8cfc85f062017c178749085010d82b08b43e0ed98ff0463007d4027d
Size: 39.14 MB
Asianux Server 7 for x86_64
- mariadb-5.5.64-1.el7.x86_64.rpm
MD5: c47cbfa5a20afa91d591d49113cc8a84
SHA-256: 3c8e54c25401e885550ef536212ee466516a0e284e28c5d7f5103466c9a7c049
Size: 8.73 MB - mariadb-bench-5.5.64-1.el7.x86_64.rpm
MD5: 664c42338ecd0fffe0281fc1a412480b
SHA-256: e38d67c459384bd61b1f9751b83b192616a77678b5ede9a2ecece32d4603fd32
Size: 387.43 kB - mariadb-devel-5.5.64-1.el7.x86_64.rpm
MD5: 76774c8113e04008c7f3932159b34554
SHA-256: be2f761a9c800d83757b9031d98f36b4d0707885acdb02d6180dbcc4226067d9
Size: 754.49 kB - mariadb-libs-5.5.64-1.el7.x86_64.rpm
MD5: 4dcc23f16fa31a90ff6b3f7df17880ca
SHA-256: e8260d2743c394adbdd5599ea957deb622bfbf267a37c12a28ad08e1e6bd55f8
Size: 758.26 kB - mariadb-server-5.5.64-1.el7.x86_64.rpm
MD5: 75e8109263d6d2c9ab2f65e2cbdff8aa
SHA-256: 66e84b74c4e626eeceb7b1e9bacd4dbc77f185f3d5984befd1be28da4cefabd3
Size: 10.78 MB - mariadb-test-5.5.64-1.el7.x86_64.rpm
MD5: d5333109d23e262cf14682122471a268
SHA-256: 203bc227af31d977f725956f41633a92908078c4b775cb387802b112dd175f3f
Size: 8.14 MB - mariadb-devel-5.5.64-1.el7.i686.rpm
MD5: 56c381d835b851183fc991879df603a7
SHA-256: c9bb7719aed9dc7cb8fd7830af4d9aa2bb56790e0e0db068673cf65b587cc1a5
Size: 754.52 kB - mariadb-libs-5.5.64-1.el7.i686.rpm
MD5: 67f739342bd4fa646f96360fcfa67265
SHA-256: 4a76cdbf5dbedc6be1566ce85c1013e8246a0fc9c710692526b6ff3728111d74
Size: 757.68 kB
English