Red Hat RHSA-2019:1258
History: May 21, 2019 - 7:37 p.m.

(RHSA-2019:1258) Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update

2019-05-21 19:37:40
access.redhat.com

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

EPSS: 0.005 Low (Percentile: 75.0%)

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb (10.2.22), rh-mariadb102-galera (25.3.25).

Security Fix(es):

  • mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

  • mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks (CVE-2017-15365)

  • mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2018) (CVE-2018-2612)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

  • mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jan 2018) (CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

  • mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2819)

  • mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

  • mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

  • mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2018) (CVE-2018-2813, CVE-2018-2817)

  • mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

  • mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2018) (CVE-2018-3060, CVE-2018-3064)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)

  • mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)

  • mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) (CVE-2018-3133)

  • mysql: InnoDB multiple unspecified vulnerabilities (CPU Oct 2018) (CVE-2018-3143, CVE-2018-3156, CVE-2018-3162, CVE-2018-3173, CVE-2018-3185, CVE-2018-3200, CVE-2018-3251, CVE-2018-3277, CVE-2018-3284)

  • mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)

  • mysql: Server: Parser unspecified vulnerability (CPU Jan 2019) (CVE-2019-2455)

  • mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)

  • mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

  • mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)

  • mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)

  • mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) (CVE-2018-3174)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • SELinux blocks working in /tmp directory for wsrep_recover_position function (BZ#1701252)

  • mysql faces a bug which prevents bacula from functioning (BZ#1701254)

  • GSSAPI module build fix - backport request (BZ#1701257)

  • Deadlock in RNG initialization in the FIPS mode on some circumstances (BZ#1701258)

  • Use appropriate version of Galera (BZ#1704162)

  • Encountered WSREP: BF lock wait long for trx MariaDB 10.2.8 (BZ#1709233)
