CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:N/I:P/A:C

EPSS: 0.005 Low
Percentile: 75.0%

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb (10.2.22), rh-mariadb102-galera (25.3.25).
Security Fix(es):
mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)
mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks (CVE-2017-15365)
mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)
mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)
mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)
mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jan 2018) (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)
mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)
mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)
mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)
mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)
mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)
mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)
mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)
mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133)
mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)
mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)
mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2455)
mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)
mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)
mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)
mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
SELinux blocks working in /tmp directory for wsrep_recover_position function (BZ#1701252)
mysql faces a bug which prevents bacula from functioning (BZ#1701254)
GSSAPI module build fix - backport request (BZ#1701257)
Deadlock in RNG initialization in the FIPS mode on some circumstances (BZ#1701258)
Use appropriate version of Galera (BZ#1704162)
Encountered WSREP: BF lock wait long for trx MariaDB 10.2.8 (BZ#1709233)