rh-mariadb102-galera-25.3.29-1.AXS4, rh-mariadb102-mariadb-10.2.33-1.AXS4

Errata ID: AXSA:2020-657:01

Release date: 
2020/10/09 Friday - 13:25
Title: 
rh-mariadb102-galera-25.3.29-1.AXS4, rh-mariadb102-mariadb-10.2.33-1.AXS4
Affected channels: 
Asianux Server 4 for x86_64
Severity: 
Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb (10.2.33), rh-mariadb102-galera (25.3.29).

Security Fix(es):

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in an OK packet received from server (CVE-2020-13249)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-2614
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2628
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2758
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2938
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2974
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-13249
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2760
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2020-2780
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2812
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2814
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Solution: 

Update packages.

Additional information: 

N/A

Download: 

SRPMS
  1. rh-mariadb102-galera-25.3.29-1.AXS4.src.rpm
    MD5: fd210933f8c1fda008579904eedb8f44
    SHA-256: 4e3c16a59dec96645fffd7ca165cd2f0b8c454dc603c6de9b325536bd5983528
    Size: 3.25 MB
  2. rh-mariadb102-mariadb-10.2.33-1.AXS4.src.rpm
    MD5: d7d0c6b5c20d49c7b03f68be91ff88c6
    SHA-256: bddee48d50d5fe24008c042cfa7caa289e5c0ed4c1725bd4fac66ad0ed7e4445
    Size: 64.98 MB

Asianux Server 4 for x86_64
  1. rh-mariadb102-galera-25.3.29-1.AXS4.x86_64.rpm
    MD5: ac48cacb84c63faae1096f54f87151d9
    SHA-256: a9dd76b36122d7dd080c9e7b2f631097f8555f85bffbaebcca3d5d43e8bd737e
    Size: 1.24 MB
  2. rh-mariadb102-mariadb-10.2.33-1.AXS4.x86_64.rpm
    MD5: b61e1db3edc97f0a9312ff55c1bb8b3c
    SHA-256: 6d78b12f52868b1b077b0c04d722bfaa563adda508f8bbf57fefb1d9bd87360a
    Size: 7.80 MB
  3. rh-mariadb102-mariadb-backup-10.2.33-1.AXS4.x86_64.rpm
    MD5: c098ae05d1cc9de7f9a54f9f14e4127f
    SHA-256: 4b8a1f4b984a4cf83d25df62a047e85a6d48a6debf4689a3ef0c4c79a5b7a116
    Size: 6.04 MB
  4. rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: bc2fae28e414b23f1651a568f56a42d6
    SHA-256: c295b38958c91ee047ef84f582e8171dd7c5b7b87fbe1597cfabb4961e435890
    Size: 29.35 kB
  5. rh-mariadb102-mariadb-bench-10.2.33-1.AXS4.x86_64.rpm
    MD5: 59a745f27ad80dff6a814e16807e5919
    SHA-256: e227de29d59cc0c70b1c1a413a050c1e480ef9e67a0d0136345fe6c4c98176cc
    Size: 410.79 kB
  6. rh-mariadb102-mariadb-common-10.2.33-1.AXS4.x86_64.rpm
    MD5: d13d69bf0097544dc3cb338773bd73a2
    SHA-256: ae3d3dd81490bca9b266616fc7f2d2c8236d8e8a80fe580c7f5aec87fc705e28
    Size: 61.46 kB
  7. rh-mariadb102-mariadb-config-10.2.33-1.AXS4.x86_64.rpm
    MD5: 2d8842c23024754131d4d36a14000447
    SHA-256: 776174ec81c5770139b00d7e1840d09172fe02654e3ac637b981bdb60ed73604
    Size: 29.05 kB
  8. rh-mariadb102-mariadb-config-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: 28fe28d0e49f5790f2fd9be86bb2d34b
    SHA-256: 17082c47433d72ed823f47c5af67e2736b24ece1fa9bd1f198bcbe2d71b78362
    Size: 28.36 kB
  9. rh-mariadb102-mariadb-devel-10.2.33-1.AXS4.x86_64.rpm
    MD5: 16305f8e7f28e521106cdcb5e444fb5f
    SHA-256: 02316049d6db18f0dfbeeafb5b9baa0b3522ab08da568a3f15999915c1b9d363
    Size: 1.02 MB
  10. rh-mariadb102-mariadb-errmsg-10.2.33-1.AXS4.x86_64.rpm
    MD5: 9b41ebc64b33847ffb84b94ba8819aaf
    SHA-256: 58819f244d22382dd1d7b6887ce713602a14507e12f8c787303f91092ddc65d1
    Size: 277.64 kB
  11. rh-mariadb102-mariadb-gssapi-client-10.2.33-1.AXS4.x86_64.rpm
    MD5: 014dfa3bd8d4f226ffca56eeed0ecb54
    SHA-256: a2285db3a609cd7e1e25b5f01df34cb755d7a0813a5657a3d66cc167b18055d5
    Size: 31.26 kB
  12. rh-mariadb102-mariadb-gssapi-server-10.2.33-1.AXS4.x86_64.rpm
    MD5: 8c8e8fe84c9eb9ff6558eaeef650ffbd
    SHA-256: 43f25843edeedfbdf24fc887c6c6de88b9c7dfdaf404676b9dfb3a08217018b3
    Size: 32.90 kB
  13. rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.AXS4.x86_64.rpm
    MD5: 2033f7b15a380a23f2951e6dc78dde60
    SHA-256: becf5e05494d1525b8812e7ef106d845ce97187b360e5a3170805e974ec424df
    Size: 88.62 kB
  14. rh-mariadb102-mariadb-server-10.2.33-1.AXS4.x86_64.rpm
    MD5: e77007c758fd25dcb3b5392199bd62ac
    SHA-256: de0aa87641703c0b65024aaf1d5c33690838caeebc65f586a039189a78eccd29
    Size: 18.27 MB
  15. rh-mariadb102-mariadb-server-galera-10.2.33-1.AXS4.x86_64.rpm
    MD5: 1258a701d960739db1054af40caaabf9
    SHA-256: 4f3d439ec7a8c0351cdfe443098e6cdb90e0a493950a415e8a141e98d5b2fb83
    Size: 44.34 kB
  16. rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: cc4d9ecbb978c4248df4c063501c1798
    SHA-256: dd6d7f56c1521bc0c5bfd54bd9f581195062e243b48daed8135ce4fe9f2c65a0
    Size: 29.00 kB
  17. rh-mariadb102-mariadb-server-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: 6a30d839615b73b69327c3fb5ffcfdfa
    SHA-256: 97871ae44a23e490f25de5f202ae0b709912c0fc9e3d1575f7bcae61d1f5961e
    Size: 36.12 kB
  18. rh-mariadb102-mariadb-server-utils-10.2.33-1.AXS4.x86_64.rpm
    MD5: e229708f67f2de40e82e9b3cf597ab75
    SHA-256: 6d029e2a1a33971fda6e34e63dfdf18e874354cfdd3cd4a39b8b8f3dfde83764
    Size: 2.24 MB
  19. rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: e29e68f2910385d582b122509e0c92df
    SHA-256: d5037de517f6656951866fdb1fc3a2a091f32401d37c6fdca42e8bb88ef86655
    Size: 30.91 kB
  20. rh-mariadb102-mariadb-syspaths-10.2.33-1.AXS4.x86_64.rpm
    MD5: b832fba196866d02bd67b28649cfc35a
    SHA-256: 6c6dc122cfd2ec30623dbb7e0511483f6222f8d447e510dc7d3dd7df51627afb
    Size: 32.26 kB
  21. rh-mariadb102-mariadb-test-10.2.33-1.AXS4.x86_64.rpm
    MD5: b046add085aaa32b210a927042184ef5
    SHA-256: 0d55511cb89c381c6e7c39d65b4ffff16c75e0c2d51b4c0fc6fae77257292302
    Size: 22.72 MB