(RHSA-2020:5660) Moderate: mariadb-connector-c security, bug fix, and enhancement update

2020-12-2208:40:08

access.redhat.com

159

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases.

The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898996)

Security Fix(es):

mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Code utilizing plugins can’t be compiled properly (BZ#1899003)
Add “zlib-devel” requirement in “-devel” subpackage (BZ#1899007)
Replace hard-coded /usr with %{_prefix} (BZ#1899101)

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64mariadb-connector-c-devel-debuginfo< 3.1.11-2.el8_1mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_1.aarch64.rpm
RedHat8i686mariadb-connector-c-devel-debuginfo< 3.1.11-2.el8_1mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_1.i686.rpm
RedHat8aarch64mariadb-connector-c-devel< 3.1.11-2.el8_1mariadb-connector-c-devel-3.1.11-2.el8_1.aarch64.rpm
RedHat8aarch64mariadb-connector-c< 3.1.11-2.el8_1mariadb-connector-c-3.1.11-2.el8_1.aarch64.rpm
RedHat8ppc64lemariadb-connector-c-debugsource< 3.1.11-2.el8_1mariadb-connector-c-debugsource-3.1.11-2.el8_1.ppc64le.rpm
RedHat8x86_64mariadb-connector-c-debugsource< 3.1.11-2.el8_1mariadb-connector-c-debugsource-3.1.11-2.el8_1.x86_64.rpm
RedHat8s390xmariadb-connector-c-debuginfo< 3.1.11-2.el8_1mariadb-connector-c-debuginfo-3.1.11-2.el8_1.s390x.rpm
RedHat8ppc64lemariadb-connector-c-debuginfo< 3.1.11-2.el8_1mariadb-connector-c-debuginfo-3.1.11-2.el8_1.ppc64le.rpm
RedHat8ppc64lemariadb-connector-c< 3.1.11-2.el8_1mariadb-connector-c-3.1.11-2.el8_1.ppc64le.rpm
RedHat8x86_64mariadb-connector-c-devel< 3.1.11-2.el8_1mariadb-connector-c-devel-3.1.11-2.el8_1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	mariadb-connector-c-devel-debuginfo	< 3.1.11-2.el8_1	mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_1.aarch64.rpm
RedHat	8	i686	mariadb-connector-c-devel-debuginfo	< 3.1.11-2.el8_1	mariadb-connector-c-devel-debuginfo-3.1.11-2.el8_1.i686.rpm
RedHat	8	aarch64	mariadb-connector-c-devel	< 3.1.11-2.el8_1	mariadb-connector-c-devel-3.1.11-2.el8_1.aarch64.rpm
RedHat	8	aarch64	mariadb-connector-c	< 3.1.11-2.el8_1	mariadb-connector-c-3.1.11-2.el8_1.aarch64.rpm
RedHat	8	ppc64le	mariadb-connector-c-debugsource	< 3.1.11-2.el8_1	mariadb-connector-c-debugsource-3.1.11-2.el8_1.ppc64le.rpm
RedHat	8	x86_64	mariadb-connector-c-debugsource	< 3.1.11-2.el8_1	mariadb-connector-c-debugsource-3.1.11-2.el8_1.x86_64.rpm
RedHat	8	s390x	mariadb-connector-c-debuginfo	< 3.1.11-2.el8_1	mariadb-connector-c-debuginfo-3.1.11-2.el8_1.s390x.rpm
RedHat	8	ppc64le	mariadb-connector-c-debuginfo	< 3.1.11-2.el8_1	mariadb-connector-c-debuginfo-3.1.11-2.el8_1.ppc64le.rpm
RedHat	8	ppc64le	mariadb-connector-c	< 3.1.11-2.el8_1	mariadb-connector-c-3.1.11-2.el8_1.ppc64le.rpm
RedHat	8	x86_64	mariadb-connector-c-devel	< 3.1.11-2.el8_1	mariadb-connector-c-devel-3.1.11-2.el8_1.x86_64.rpm