AXSA:2019-4127:01

Release date:
2019/08/20 Tuesday - 02:12
Title:
mariadb-5.5.64-1.el7
Affected channels:
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)

Security Fix(es):

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)

* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)

* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)

* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-3058
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2018-3063
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3066
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-3081
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3282
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2503
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
CVE-2019-2529
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2614
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Solution:

Update packages.

Additional information:

N/A

Download:

SRPMS
1. mariadb-5.5.64-1.el7.src.rpm
Size: 40,083 Kb

Asianux Server 7.0 for x86_64
1. mariadb-5.5.64-1.el7.x86_64.rpm
Size: 8,939 Kb
2. mariadb-bench-5.5.64-1.el7.x86_64.rpm
Size: 387 Kb
3. mariadb-devel-5.5.64-1.el7.x86_64.rpm
Size: 754 Kb
4. mariadb-libs-5.5.64-1.el7.x86_64.rpm
Size: 758 Kb
5. mariadb-server-5.5.64-1.el7.x86_64.rpm
Size: 11,042 Kb
6. mariadb-test-5.5.64-1.el7.x86_64.rpm
Size: 8,337 Kb
7. mariadb-devel-5.5.64-1.el7.i686.rpm
Size: 755 Kb
8. mariadb-libs-5.5.64-1.el7.i686.rpm
Size: 758 Kb