Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:5246
HistoryNov 30, 2020 - 12:02 p.m.

(RHSA-2020:5246) Important: rh-mariadb103-mariadb and rh-mariadb103-galera security update

2020-11-3012:02:34
access.redhat.com
64

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.1%

JSON

MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb103-mariadb (10.3.27), rh-mariadb103-galera (25.3.31). (BZ#1894122, BZ#1894124)

Security Fix(es):

  • mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)

  • mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

  • mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

  • mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

  • mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

  • mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

  • mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

  • mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)

  • mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

  • mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

  • mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)

  • mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

  • mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

  • mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)

  • mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)

  • mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

  • mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)

  • mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)

  • mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • mysqld_safe --dry-run doesn’t work as expected (BZ#1894105)

Enhancement(s):

  • [RFE] create separate package providing ha_connect.so plugin for mariadb-server in SCL (BZ#1894114)
OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-mariadb103-mariadb-server-utils-syspaths< 10.3.27-1.el7rh-mariadb103-mariadb-server-utils-syspaths-10.3.27-1.el7.x86_64.rpm
RedHat7x86_64rh-mariadb103-mariadb< 10.3.27-1.el7rh-mariadb103-mariadb-10.3.27-1.el7.x86_64.rpm
RedHat7aarch64rh-mariadb103-mariadb< 10.3.27-1.el7rh-mariadb103-mariadb-10.3.27-1.el7.aarch64.rpm
RedHat7s390xrh-mariadb103-mariadb-server-utils< 10.3.27-1.el7rh-mariadb103-mariadb-server-utils-10.3.27-1.el7.s390x.rpm
RedHat7s390xrh-mariadb103-galera-debuginfo< 25.3.31-1.el7rh-mariadb103-galera-debuginfo-25.3.31-1.el7.s390x.rpm
RedHat7x86_64rh-mariadb103-mariadb-gssapi-server< 10.3.27-1.el7rh-mariadb103-mariadb-gssapi-server-10.3.27-1.el7.x86_64.rpm
RedHat7aarch64rh-mariadb103-mariadb-gssapi-server< 10.3.27-1.el7rh-mariadb103-mariadb-gssapi-server-10.3.27-1.el7.aarch64.rpm
RedHat7ppc64lerh-mariadb103-mariadb-server-galera-syspaths< 10.3.27-1.el7rh-mariadb103-mariadb-server-galera-syspaths-10.3.27-1.el7.ppc64le.rpm
RedHat7aarch64rh-mariadb103-mariadb-server< 10.3.27-1.el7rh-mariadb103-mariadb-server-10.3.27-1.el7.aarch64.rpm
RedHat7x86_64rh-mariadb103-mariadb-server-utils< 10.3.27-1.el7rh-mariadb103-mariadb-server-utils-10.3.27-1.el7.x86_64.rpm
Rows per page:
1-10 of 881

Related

nessus 104
redhat 12
osv 8
rocky 3
oraclelinux 5
almalinux 3
amazon 2
fedora 13
openvas 14
ubuntu 6
suse 7
altlinux 7
centos 2
mageia 5
slackware 2
cloudfoundry 1
gentoo 1
debian 1
photon 1
mariadbunix 1
f5 1
nessus
nessus
RHEL 7 : rh-mariadb103-mariadb and rh-mariadb103-galera (RHSA-2020:5246)
2023-01-23 00:00:00
RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2020:4174)
2023-01-23 00:00:00
RHEL 8 : mariadb:10.3 (RHSA-2020:5654)
2020-12-22 00:00:00
redhat
redhat
(RHSA-2020:4174) Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
2020-10-05 14:48:15
(RHSA-2020:5500) Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
(RHSA-2020:5665) Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-22 08:57:51
osv
osv
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
mariadb-10.1, mariadb-10.3 vulnerabilities
2020-10-27 16:57:58
rocky
rocky
mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
mariadb:10.3 security and bug fix update
2019-11-05 20:53:43
mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
oraclelinux
oraclelinux
mariadb:10.3 security, bug fix, and enhancement update
2020-12-18 00:00:00
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb:10.3 security and bug fix update
2019-11-14 00:00:00
almalinux
almalinux
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
Moderate: mariadb:10.3 security and bug fix update
2019-11-05 00:00:00
Moderate: mariadb-connector-c security, bug fix, and enhancement update
2020-12-15 16:04:12
amazon
amazon
Important: mariadb
2020-10-22 18:28:00
Medium: mysql57
2020-07-27 23:17:00
fedora
fedora
[SECURITY] Fedora 31 Update: mariadb-connector-c-3.1.11-1.fc31
2020-11-11 01:32:32
[SECURITY] Fedora 31 Update: galera-25.3.31-1.fc31
2020-11-11 01:32:31
[SECURITY] Fedora 31 Update: mariadb-10.3.26-1.fc31
2020-11-11 01:32:31
openvas
openvas
Ubuntu Update for mariadb-10.3 USN-4070-3
2019-08-14 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2019:2698-1)
2020-01-09 00:00:00
Fedora: Security Advisory for galera (FEDORA-2020-35f52d9370)
2020-06-23 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2019-08-13 00:00:00
MariaDB vulnerabilities
2020-10-27 00:00:00
MariaDB vulnerabilities
2019-08-12 00:00:00
suse
suse
Security update for mariadb (moderate)
2019-12-22 00:00:00
Security update for mariadb (important)
2020-12-15 00:00:00
Security update for mariadb (moderate)
2020-12-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.43-alt1
2020-01-24 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.4.17-alt1
2020-11-13 00:00:00
Security fix for the ALT Linux 9 package mariadb version 10.4.7-alt1
2019-08-11 00:00:00
centos
centos
mariadb security update
2020-10-20 18:30:49
mariadb security update
2020-04-08 18:46:49
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2019-08-18 15:39:41
Updated mariadb packages fix security vulnerabilities
2020-11-08 17:14:27
Updated mariadb packages fix security vulnerability
2020-07-07 14:13:48
slackware
slackware
[slackware-security] mariadb
2019-08-01 21:55:27
[slackware-security] mariadb
2020-05-13 00:12:02
cloudfoundry
cloudfoundry
USN-4070-2: MariaDB vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2020-12-07 00:00:00
debian
debian
[SECURITY] [DLA 2538-1] mariadb-10.1 security update
2021-01-31 21:54:33
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0239
2020-05-07 00:00:00
mariadbunix
mariadbunix
MariaDB vulnerabilities
2019-11-20 00:00:00
f5
f5
K33522171 : Multiple MySQL vulnerabilities
2022-01-12 00:00:00

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.1%

JSON
Related for RHSA-2020:5246
nessus104redhat12osv8rocky3oraclelinux5almalinux3amazon2fedora13openvas14ubuntu6suse7altlinux7centos2mageia5slackware2cloudfoundry1gentoo1debian1photon1mariadbunix1f51