Lucene search

K
suseSuseSUSE-SU-2017:2034-1
HistoryAug 03, 2017 - 3:11 p.m.

Security update for mariadb (important)

2017-08-0315:11:47
lists.opensuse.org
47

0.003 Low

EPSS

Percentile

64.5%

This MariaDB update to version 10.0.31 GA fixes the following issues:

Security issues fixed:

  • CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)
  • CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
    vulnerability allows low privileged attacker with network access via
    multiple protocols to compromise MariaDB Server. Successful attacks of
    this vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS). (bsc#1048715)

Bug fixes:

  • XtraDB updated to 5.6.36-82.0
  • TokuDB updated to 5.6.36-82.0
  • Innodb updated to 5.6.36
  • Performance Schema updated to 5.6.36

Release notes and changelog:

0.003 Low

EPSS

Percentile

64.5%

Related for SUSE-SU-2017:2034-1