[SECURITY] [DLA 2538-1] mariadb-10.1 security update

2021-01-3121:54:33

lists.debian.org

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

55.3%

JSON

Debian LTS Advisory DLA-2538-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
January 31, 2021 https://wiki.debian.org/LTS

Package : mariadb-10.1
Version : 10.1.48-0+deb9u1
CVE ID : CVE-2020-14765 CVE-2020-14812

Two vulnerabilities were fixed by upgrading the MariaDB database server
packages to the latest version on the 10.1 branch.

For Debian 9 stretch, these problems have been fixed in version
10.1.48-0+deb9u1.

We recommend that you upgrade your mariadb-10.1 packages.

For the detailed security status of mariadb-10.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mariadb-10.1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9amd64mariadb-plugin-cracklib-password-check< 10.1.48-0+deb9u1mariadb-plugin-cracklib-password-check_10.1.48-0+deb9u1_amd64.deb
Debian10mipsmariadb-plugin-gssapi-server< 1:10.3.27-0+deb10u1mariadb-plugin-gssapi-server_1:10.3.27-0+deb10u1_mips.deb
Debian10arm64mariadb-client-10.3< 1:10.3.27-0+deb10u1mariadb-client-10.3_1:10.3.27-0+deb10u1_arm64.deb
Debian9arm64mariadb-plugin-connect< 10.1.48-0+deb9u1mariadb-plugin-connect_10.1.48-0+deb9u1_arm64.deb
Debian10mipselmariadb-plugin-cracklib-password-check-dbgsym< 1:10.3.27-0+deb10u1mariadb-plugin-cracklib-password-check-dbgsym_1:10.3.27-0+deb10u1_mipsel.deb
Debian10ppc64elmariadb-plugin-mroonga-dbgsym< 1:10.3.27-0+deb10u1mariadb-plugin-mroonga-dbgsym_1:10.3.27-0+deb10u1_ppc64el.deb
Debian10i386mariadb-plugin-gssapi-client-dbgsym< 1:10.3.27-0+deb10u1mariadb-plugin-gssapi-client-dbgsym_1:10.3.27-0+deb10u1_i386.deb
Debian10i386libmariadb-dev-compat< 1:10.3.27-0+deb10u1libmariadb-dev-compat_1:10.3.27-0+deb10u1_i386.deb
Debian9armelmariadb-plugin-gssapi-server< 10.1.48-0+deb9u1mariadb-plugin-gssapi-server_10.1.48-0+deb9u1_armel.deb
Debian10s390xmariadb-client-10.3< 1:10.3.27-0+deb10u1mariadb-client-10.3_1:10.3.27-0+deb10u1_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	amd64	mariadb-plugin-cracklib-password-check	< 10.1.48-0+deb9u1	mariadb-plugin-cracklib-password-check_10.1.48-0+deb9u1_amd64.deb
Debian	10	mips	mariadb-plugin-gssapi-server	< 1:10.3.27-0+deb10u1	mariadb-plugin-gssapi-server_1:10.3.27-0+deb10u1_mips.deb
Debian	10	arm64	mariadb-client-10.3	< 1:10.3.27-0+deb10u1	mariadb-client-10.3_1:10.3.27-0+deb10u1_arm64.deb
Debian	9	arm64	mariadb-plugin-connect	< 10.1.48-0+deb9u1	mariadb-plugin-connect_10.1.48-0+deb9u1_arm64.deb
Debian	10	mipsel	mariadb-plugin-cracklib-password-check-dbgsym	< 1:10.3.27-0+deb10u1	mariadb-plugin-cracklib-password-check-dbgsym_1:10.3.27-0+deb10u1_mipsel.deb
Debian	10	ppc64el	mariadb-plugin-mroonga-dbgsym	< 1:10.3.27-0+deb10u1	mariadb-plugin-mroonga-dbgsym_1:10.3.27-0+deb10u1_ppc64el.deb
Debian	10	i386	mariadb-plugin-gssapi-client-dbgsym	< 1:10.3.27-0+deb10u1	mariadb-plugin-gssapi-client-dbgsym_1:10.3.27-0+deb10u1_i386.deb
Debian	10	i386	libmariadb-dev-compat	< 1:10.3.27-0+deb10u1	libmariadb-dev-compat_1:10.3.27-0+deb10u1_i386.deb
Debian	9	armel	mariadb-plugin-gssapi-server	< 10.1.48-0+deb9u1	mariadb-plugin-gssapi-server_10.1.48-0+deb9u1_armel.deb
Debian	10	s390x	mariadb-client-10.3	< 1:10.3.27-0+deb10u1	mariadb-client-10.3_1:10.3.27-0+deb10u1_s390x.deb