Lucene search

K

Gentoo FoundationMGASA-2020-0072

HistoryJan 30, 2020 - 9:28 p.m.

Updated mariadb packages fix security vulnerability

2020-01-3021:28:34

Gentoo Foundation

advisories.mageia.org

18

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.4%

Updated MariaDB packages fix security vulnerabilities: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client (CVE-2020-2574). In addtion a new pam subpackge is provided which adds prebuilt pam_user_map For other fixes in this update, see the referenced release notes.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchmariadb< 10.3.22-1mariadb-10.3.22-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=26142

mariadb.com/kb/en/authentication-plugin-pam/

mariadb.com/kb/en/mariadb-10322-release-notes/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.4%

Related for MGASA-2020-0072