mariadb-connector-c-3.1.11-2.el8
Errata ID: AXSA:2021-1464:01
Release date:
2021/02/12 Friday - 07:54
Title:
mariadb-connector-c-3.1.11-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
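The following issues have been addressed.
[Security Fix]
- libmariadb/mariadb_lib.c in mariadb does not properly validate
the content of an OK packet received from a server.
(CVE-2020-13249)
- The C API component of mariadb has a difficult-to-exploit vulnerability
that allows an unauthenticated attacker with network access via multiple
protocols to attack the MySQL client and gain the unauthorized ability to
cause a hang or frequently repeatable crash (complete denial of service)
of the MySQL client. (CVE-2020-2574)
- The C API component of mariadb has a vulnerability that allows a
low-privileged attacker with network access via multiple protocols to
attack the MySQL client and gain the unauthorized ability to cause a hang
or frequently repeatable crash (complete denial of service) of the
MySQL client. (CVE-2020-2752)
- The C API component of mariadb has a vulnerability that allows an
unauthenticated attacker with network access via multiple protocols to
compromise the MySQL client and gain unauthorized read access to a subset
of the data accessible to the MySQL client. (CVE-2020-2922)
Solution:
Update the packages.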
CVE:
CVE-2020-13249
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Additional information:
N/A
Downloads:
SRPMS
- mariadb-connector-c-3.1.11-2.el8.src.rpm
MD5: 7f59a1104b8d50355e9abfec647527c4
SHA-256: 409f9b7542424ed3145968ffe0199906f37ea64e6e60409896898b189a1d2342
Size: 751.58 kB
Asianux Server 8 for x86_64
- mariadb-connector-c-3.1.11-2.el8.x86_64.rpm
MD5: 73b10c6c171560683afcabdd98661940
SHA-256: 6668be31906b1e487efc9e08f71ba150e0567a2da7f97ef80d841bd77e8c3a52
Size: 198.93 kB
- mariadb-connector-c-config-3.1.11-2.el8.noarch.rpm
MD5: 4a39a63c0d94a9e355bc2fc158735e94
SHA-256: 27c3a256e9e65515c3fa05551beae7e92ac7d2357bfd2bb2ab9007538f08be86
Size: 13.49 kB
- mariadb-connector-c-devel-3.1.11-2.el8.x86_64.rpm
MD5: f0204782f137a882bd1d2ef5ea5373d3
SHA-256: 9f33af3403f818339f0f4a0d9a4e8202a538df8932ced52db2393cb348ba8d96
Size: 67.12 kB
- mariadb-connector-c-3.1.11-2.el8.i686.rpm
MD5: 1604882e9d934b3110af407f17fa1b72
SHA-256: 01b418602a83ec234c368b2f20cfd77ba2063f1c7be915987717122a84c1aaca
Size: 211.15 kB
- mariadb-connector-c-devel-3.1.11-2.el8.i686.rpm
MD5: c726a4f92360f187a32036066598c42d
SHA-256: 2f1346a4b872fdaf0446dccfad888f445edcf1bd3a73e88e821542d7d61ed746
Size: 67.20 kB