7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.005 Low
EPSS
Percentile
75.0%
CentOS Errata and Security Advisory CESA-2018:2439
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)
Security Fix(es):
mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)
mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)
mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)
mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)
mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)
mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)
mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)
mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)
mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)
mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)
mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-August/085157.html
Affected packages:
mariadb
mariadb-bench
mariadb-devel
mariadb-embedded
mariadb-embedded-devel
mariadb-libs
mariadb-server
mariadb-test
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:2439
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | mariadb | < 5.5.60-1.el7_5 | mariadb-5.5.60-1.el7_5.x86_64.rpm |
CentOS | 7 | x86_64 | mariadb-bench | < 5.5.60-1.el7_5 | mariadb-bench-5.5.60-1.el7_5.x86_64.rpm |
CentOS | 7 | i686 | mariadb-devel | < 5.5.60-1.el7_5 | mariadb-devel-5.5.60-1.el7_5.i686.rpm |
CentOS | 7 | x86_64 | mariadb-devel | < 5.5.60-1.el7_5 | mariadb-devel-5.5.60-1.el7_5.x86_64.rpm |
CentOS | 7 | i686 | mariadb-embedded | < 5.5.60-1.el7_5 | mariadb-embedded-5.5.60-1.el7_5.i686.rpm |
CentOS | 7 | x86_64 | mariadb-embedded | < 5.5.60-1.el7_5 | mariadb-embedded-5.5.60-1.el7_5.x86_64.rpm |
CentOS | 7 | i686 | mariadb-embedded-devel | < 5.5.60-1.el7_5 | mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm |
CentOS | 7 | x86_64 | mariadb-embedded-devel | < 5.5.60-1.el7_5 | mariadb-embedded-devel-5.5.60-1.el7_5.x86_64.rpm |
CentOS | 7 | i686 | mariadb-libs | < 5.5.60-1.el7_5 | mariadb-libs-5.5.60-1.el7_5.i686.rpm |
CentOS | 7 | x86_64 | mariadb-libs | < 5.5.60-1.el7_5 | mariadb-libs-5.5.60-1.el7_5.x86_64.rpm |
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C
0.005 Low
EPSS
Percentile
75.0%