Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2018:2439
HistoryAug 16, 2018 - 12:46 p.m.

(RHSA-2018:2439) Moderate: mariadb security and bug fix update

2018-08-1612:46:48
access.redhat.com
171

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

  • mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

  • mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

  • mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

  • mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

  • mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

  • mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

  • mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

  • mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

  • mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
OSVersionArchitecturePackageVersionFilename
RedHat7s390xmariadb-devel< 5.5.60-1.el7_5mariadb-devel-5.5.60-1.el7_5.s390x.rpm
RedHat7aarch64mariadb-bench< 5.5.60-1.el7_5mariadb-bench-5.5.60-1.el7_5.aarch64.rpm
RedHat7s390mariadb-embedded< 5.5.60-1.el7_5mariadb-embedded-5.5.60-1.el7_5.s390.rpm
RedHat7s390mariadb-devel< 5.5.60-1.el7_5mariadb-devel-5.5.60-1.el7_5.s390.rpm
RedHat7ppc64lemariadb-bench< 5.5.60-1.el7_5mariadb-bench-5.5.60-1.el7_5.ppc64le.rpm
RedHat7i686mariadb-embedded-devel< 5.5.60-1.el7_5mariadb-embedded-devel-5.5.60-1.el7_5.i686.rpm
RedHat7aarch64mariadb-embedded-devel< 5.5.60-1.el7_5mariadb-embedded-devel-5.5.60-1.el7_5.aarch64.rpm
RedHat7ppc64mariadb-bench< 5.5.60-1.el7_5mariadb-bench-5.5.60-1.el7_5.ppc64.rpm
RedHat7s390xmariadb-debuginfo< 5.5.60-1.el7_5mariadb-debuginfo-5.5.60-1.el7_5.s390x.rpm
RedHat7ppcmariadb-devel< 5.5.60-1.el7_5mariadb-devel-5.5.60-1.el7_5.ppc.rpm
Rows per page:
1-10 of 601

Related

nessus 83
amazon 5
oraclelinux 1
openvas 54
centos 1
ibm 1
redhat 1
debian 15
suse 6
osv 11
ubuntu 3
mageia 6
altlinux 3
fedora 3
slackware 4
rosalinux 1
f5 1
nessus
nessus
Amazon Linux 2 : mariadb (ALAS-2018-1078)
2018-09-19 00:00:00
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)
2018-08-17 00:00:00
RHEL 7 : mariadb (RHSA-2018:2439)
2018-08-17 00:00:00
amazon
amazon
Medium: mariadb
2018-09-12 22:57:00
Medium: mysql55
2017-12-05 21:54:00
Medium: mysql55
2018-05-25 18:26:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
openvas
openvas
CentOS Update for mariadb CESA-2018:2439 centos7
2018-08-21 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1303)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1337)
2020-01-23 00:00:00
centos
centos
mariadb security update
2018-08-21 01:08:00
ibm
ibm
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-12-17 14:30:02
redhat
redhat
(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update
2018-09-19 17:36:53
debian
debian
[SECURITY] [DLA 1407-1] mariadb-10.0 security update
2018-06-29 08:42:02
[SECURITY] [DSA 4091-1] mysql-5.5 security update
2018-01-18 20:18:31
[SECURITY] [DLA 1141-1] mysql-5.5 security update
2017-10-19 18:15:56
suse
suse
Security update for mariadb (important)
2018-03-15 21:07:44
Security update for mysql (important)
2017-11-11 00:07:25
Security update for mariadb (important)
2018-03-17 18:08:54
osv
osv
mariadb-10.0 - security update
2018-06-29 00:00:00
mysql-5.5 - security update
2018-01-19 00:00:00
mysql-5.5 - security update
2018-01-18 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-01-25 00:00:00
MySQL vulnerabilities
2017-10-30 00:00:00
MySQL vulnerabilities
2018-04-25 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-06-04 18:11:47
Updated mariadb packages fix security vulnerability
2018-02-25 02:25:24
Updated mariadb packages fix security vulnerabilities
2018-05-29 22:41:14
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.33-alt1
2018-05-23 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.26-alt1
2017-09-14 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: mariadb-10.2.13-2.fc28
2018-03-30 13:29:13
[SECURITY] Fedora 27 Update: mariadb-10.2.13-2.fc27
2018-03-13 23:26:09
[SECURITY] Fedora 26 Update: mariadb-10.1.32-1.fc26
2018-04-02 12:34:31
slackware
slackware
[slackware-security] mariadb
2018-02-01 18:52:40
[slackware-security] mariadb
2018-05-10 21:14:32
[slackware-security] mariadb
2017-09-08 18:06:32
rosalinux
rosalinux
Advisory ROSA-SA-2023-2250
2023-10-21 13:39:47
f5
f5
K40317110 : MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
2017-10-27 00:00:00

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON
Related for RHSA-2018:2439
nessus83amazon5oraclelinux1openvas54centos1ibm1redhat1debian15suse6osv11ubuntu3mageia6altlinux3fedora3slackware4rosalinux1f51