mariadb-5.5.60-1.el7
Errata ID: AXSA:2018-3308:01
The following items have been addressed.
[Security Fix]
- The MariaDB component (subcomponent: Client programs) contains a vulnerability that allows a local ordinary user to gain unauthorized access such as updating, inserting, or deleting data, and to cause a partial denial of service (partial DoS). (CVE-2017-3636)
- The MariaDB component (subcomponent: Server: DML) contains a vulnerability that allows a privileged remote attacker to cause MariaDB to hang or crash frequently and repeatedly (DoS). (CVE-2017-3641)
- The MariaDB component (subcomponent: Client mysqldump) contains a vulnerability that allows a remote attacker to gain unauthorized access such as updating, inserting, or deleting data. (CVE-2017-3651)
- The MariaDB component (subcomponent: Server: DDL) contains a vulnerability that allows a remote attacker to gain unauthorized update, insert, or delete access to MariaDB accessible data. (CVE-2017-3653)
- The MariaDB component (subcomponent: Server: Replication) contains a vulnerability that allows a local privileged attacker to gain unauthorized access to confidential MariaDB data or complete access to all MariaDB accessible data. (CVE-2017-10268)
- The MariaDB component (subcomponent: Server: Optimizer) contains a vulnerability that can be used to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2017-10378)
- The MariaDB component (subcomponent: Client programs) contains a vulnerability that allows unauthorized access to confidential data or complete access to MariaDB accessible data. (CVE-2017-10379)
- The MariaDB component (subcomponent: Server: DDL) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2017-10384)
- The MariaDB component (subcomponent: Server: Partition) contains a vulnerability that allows a hang or frequently repeated crash of MariaDB (complete DoS), as well as unauthorized update, insert, or delete access to some MariaDB accessible data. (CVE-2018-2562)
- The MariaDB component (subcomponent: Server: DDL) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2622)
- The MariaDB component (subcomponent: Server: Optimizer) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2640)
- The MariaDB component (subcomponent: Server: Optimizer) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2665)
- The MariaDB component (subcomponent: Server: Optimizer) contains a vulnerability that allows a remote attacker to cause the MariaDB server to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2668)
- The MariaDB component (subcomponent: Server: Replication) contains a vulnerability that allows a local attacker to take over MariaDB. (CVE-2018-2755)
- The MariaDB component (subcomponent: Client programs) contains a vulnerability that allows a remote attacker to cause the MariaDB server to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2761)
- The MariaDB component (subcomponent: Server: Security: Encryption) contains a vulnerability that allows a remote attacker to gain unauthorized read access to a subset of MariaDB accessible data. (CVE-2018-2767)
- The MariaDB component (subcomponent: Server: Locking) contains a vulnerability that allows a privileged remote attacker to cause the MariaDB server to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2771)
- The MariaDB component (subcomponent: Server: Optimizer) contains a vulnerability that allows a privileged remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2781)
- The MariaDB component (subcomponent: Server: DDL) contains a vulnerability that allows a remote attacker to gain unauthorized read access to a subset of MariaDB accessible data. (CVE-2018-2813)
- The MariaDB component (subcomponent: Server: DDL) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2817)
- The MariaDB component (subcomponent: InnoDB) contains a vulnerability that allows a remote attacker to cause MariaDB to hang or crash frequently and repeatedly (complete DoS). (CVE-2018-2819)
The translated text for some of the CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Please update the packages.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
N/A
SRPMS
- mariadb-5.5.60-1.el7.src.rpm
MD5: 918b371663218fd1245f9faef335a825
SHA-256: a772a47f7d890ea1a0e45a87252381f396cf034330d2107e47d6c9d1aa852776
Size: 39.01 MB
Asianux Server 7 for x86_64
- mariadb-5.5.60-1.el7.x86_64.rpm
MD5: d6c78924041f9a3d7e73b26f1ae9a5e1
SHA-256: b63b3ea8944fbdaebd193e42a33255f8989a7de545316171c462b05d0c342a85
Size: 8.72 MB
- mariadb-bench-5.5.60-1.el7.x86_64.rpm
MD5: 1da4e8c7fb4ee015007b86e1f1263f9a
SHA-256: 3190d29c04efc0b9db1cda6583ec04ca3b0cb7e74a8a9986eda22ef42fb4dcb3
Size: 387.16 kB
- mariadb-devel-5.5.60-1.el7.x86_64.rpm
MD5: 68d659e9e89d1b77b8e75278c28f3e50
SHA-256: f1d94356aeb864334d4a1fedbe9904564a9b4c841f11d615d745d65143c5af12
Size: 753.28 kB
- mariadb-libs-5.5.60-1.el7.x86_64.rpm
MD5: ce1de364039d2baec4c51864d7926559
SHA-256: c80e80a448eb7e41b37274ce4f747f144ccc3a2ece23f8ac6f194bce83e76acd
Size: 757.14 kB
- mariadb-server-5.5.60-1.el7.x86_64.rpm
MD5: 51c420b969120bfe32fc716f2170fe08
SHA-256: ba3e967e7d1fa981566453f2de1d366c9e4de262fb71fd154226643baa4124e1
Size: 10.78 MB
- mariadb-test-5.5.60-1.el7.x86_64.rpm
MD5: 26841c5ed42729e31f0ec50832ae9d29
SHA-256: f7b347f115cd93d3b979ef8575acac1fd59f2c7ff7b21a8074a5ec93e5c7f835
Size: 8.12 MB
- mariadb-devel-5.5.60-1.el7.i686.rpm
MD5: 1a2d4059e194d5d4bac4e05d839979c4
SHA-256: c7b4bd203582ed7e271e20d19e750d41c9af72579acf10d8336bd7ea4a629a3e
Size: 753.31 kB
- mariadb-libs-5.5.60-1.el7.i686.rpm
MD5: 4fffbbe540157f96971ad573e4900c9d
SHA-256: bc1ad41e10bed5d21b3bbdf0aabe1ce6580a3bb1123d244b7a0cc408a2ef2918
Size: 756.96 kB