This MariaDB update to version 10.0.31 GA fixes the following issues:
Security issues fixed:
- CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
- CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable"
vulnerability allows low privileged attacker with network access via
multiple protocols to compromise MariaDB Server. Successful attacks of
this vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). (bsc#1048715)
Bug fixes:
- XtraDB updated to 5.6.36-82.0
- TokuDB updated to 5.6.36-82.0
- Innodb updated to 5.6.36
- Performance Schema updated to 5.6.36
Release notes and changelog: