mariadb-5.5.65-1.0.1.el7.AXS7
エラータID: AXSA:2020-4710:01
リリース日:
2020/04/17 Friday - 03:41
題名:
mariadb-5.5.65-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- MariaDBのコンポーネント(サブコンポーネント: Server: Pluggable Auth)には、
複数のプロトコルによるネットワークアクセスを介した高い権限の攻撃者が、サーバーへ
不正アクセスすることで、完全なDoS攻撃(ハングや継続的なクラッシュ)を引き起こす
ことのできる悪用容易な脆弱性があります。(CVE-2019-2737)
- MariaDBのコンポーネント(サブコンポーネント: Server: Security: Privileges )には、
起動中のサーバーの基盤に高い権限の攻撃者がログインし、サーバーへ不正アクセスすること
で、完全なDoS攻撃(ハングや継続的なクラッシュ)を引き起こすことのできる悪用容易な脆弱性
があります。(CVE-2019-2739)
- MariaDBのコンポーネント(サブコンポーネント: Server: XML )には、複数のプロトコルによる
ネットワークアクセスを介した低い権限の攻撃者が、サーバーへ不正アクセスすることで、
完全なDoS攻撃(ハングや継続的なクラッシュ)を引き起こすことのできる悪用容易な脆弱性があり
ます。(CVE-2019-2740)
- MariaDBのコンポーネント(サブコンポーネント: Server: Parser)には、複数のプロトコルに
よるネットワークアクセスを介した低い権限の攻撃者が、サーバーへ不正アクセスすることで、
完全なDoS攻撃 (ハングや継続的なクラッシュ) を引き起こすことのできる悪用容易な脆弱性が
あります。(CVE-2019-2805)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
追加情報:
N/A
ダウンロード:
SRPMS
- mariadb-5.5.65-1.0.1.el7.AXS7.src.rpm
MD5: c4b660bd23f3584a02ec64238e29dfc1
SHA-256: bace18dccaa1b9a80bca6fca09d4732af87bb79e78b519e1932b0dc34261cfd1
Size: 39.16 MB
Asianux Server 7 for x86_64
- mariadb-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: aded88622881ae9827315603b96f8fb8
SHA-256: 3064e870418368559b8aae3e3d2e02f4acf2e11878b4f61cd1853cf1f7120884
Size: 8.73 MB - mariadb-bench-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: 9ec95da68d91b888f32671f7b68de58b
SHA-256: 1692b52569e7be7079611626cf363c7303a86a801fff2560a5f4738a3c41557e
Size: 387.96 kB - mariadb-devel-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: 5e4d4216722ecdfdb613a6028c3f3c5f
SHA-256: a2eefda1202b3b3a9e499e33b815c3804718a7dc411633faf5d12e4d0ccc9c97
Size: 755.44 kB - mariadb-libs-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: 2da40b394d4b8dc65f0ea3e00fa74de6
SHA-256: 1a224ea1ec496c026e06a8813e6a4e4551b10875d017b1ddba4b8cc48b25fd24
Size: 758.44 kB - mariadb-server-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: da757defc68048c4c1a91e57caab8f4c
SHA-256: 3794bdeab208f166049bb1c5cf206b44c6ffee39b35b9c1a1dbb6ca11704ba44
Size: 10.79 MB - mariadb-test-5.5.65-1.0.1.el7.AXS7.x86_64.rpm
MD5: d9e088a001f6bbe5d8089129540810ff
SHA-256: 35c6aec188df8577bf2ce14c9ff3de6de291616b13b180fd99f3d83e213914ed
Size: 8.15 MB - mariadb-devel-5.5.65-1.0.1.el7.AXS7.i686.rpm
MD5: dcccbb773817f76b4278537cf9b68a7e
SHA-256: 4c92e2b6ad08351ba39d0ad73cc9a019e3c24f9c55d049d5d0053baf32621803
Size: 755.48 kB - mariadb-libs-5.5.65-1.0.1.el7.AXS7.i686.rpm
MD5: df19d9a20adf67074668dafdd8dd1c40
SHA-256: d92e5327eb8a52a11fadabb947b0af2cf240a991457d84e4623f3e0bfbf1a73f
Size: 758.35 kB
English