Forum: 1st Choice Core

MariaDB vulnerabilities

From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, November 20, 2019 18:00:09

mariadb vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 19.10
* Ubuntu 19.04
* Ubuntu 18.04 LTS

Summary

Several security issues were fixed in MariaDB

Software Description

* mariadb-10.3 - MariaDB database
* mariadb-10.1 - MariaDB database

Details

USN-4195-1 fixed multiple vulnerabilities in MySQL. This update
provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1
and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3.

Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04
and 19.10 has been updated to MariaDB 10.3.20.

In addition to security fixes, the updated package contain bug
fixes, new features, and possibly incompatible changes.

Please see the following for more information:
https://mariadb.com/kb/en/library/mariadb-10143-changelog/
https://mariadb.com/kb/en/library/mariadb-10143-release-notes/
https://mariadb.com/kb/en/library/mariadb-10320-changelog/
https://mariadb.com/kb/en/library/mariadb-10320-release-notes/

Original advisory details:

Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL
5.7.28.

In addition to security fixes, the updated packages contain bug
fixes, new features, and possibly incompatible changes.

Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html
https://www.oracle.com/security-alerts/cpuoct2019.html

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 19.10
libmariadb-dev - 1:10.3.20-0ubuntu0.19.10.1
libmariadb-dev-compat - 1:10.3.20-0ubuntu0.19.10.1
libmariadb3 - 1:10.3.20-0ubuntu0.19.10.1
libmariadbclient-dev - 1:10.3.20-0ubuntu0.19.10.1
libmariadbd-dev - 1:10.3.20-0ubuntu0.19.10.1
libmariadbd19 - 1:10.3.20-0ubuntu0.19.10.1
mariadb-backup - 1:10.3.20-0ubuntu0.19.10.1
mariadb-client - 1:10.3.20-0ubuntu0.19.10.1
mariadb-client-10.3 - 1:10.3.20-0ubuntu0.19.10.1
mariadb-client-core-10.3 - 1:10.3.20-0ubuntu0.19.10.1
mariadb-common - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-connect - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-cracklib-password-check -
1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-gssapi-client - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-gssapi-server - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-mroonga - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-oqgraph - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-rocksdb - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-spider - 1:10.3.20-0ubuntu0.19.10.1
mariadb-plugin-tokudb - 1:10.3.20-0ubuntu0.19.10.1
mariadb-server - 1:10.3.20-0ubuntu0.19.10.1
mariadb-server-10.3 - 1:10.3.20-0ubuntu0.19.10.1
mariadb-server-core-10.3 - 1:10.3.20-0ubuntu0.19.10.1
mariadb-test - 1:10.3.20-0ubuntu0.19.10.1
mariadb-test-data - 1:10.3.20-0ubuntu0.19.10.1

Ubuntu 19.04
libmariadb-dev - 1:10.3.20-0ubuntu0.19.04.1
libmariadb-dev-compat - 1:10.3.20-0ubuntu0.19.04.1
libmariadb3 - 1:10.3.20-0ubuntu0.19.04.1
libmariadbclient-dev - 1:10.3.20-0ubuntu0.19.04.1
libmariadbd-dev - 1:10.3.20-0ubuntu0.19.04.1
libmariadbd19 - 1:10.3.20-0ubuntu0.19.04.1
mariadb-backup - 1:10.3.20-0ubuntu0.19.04.1
mariadb-client - 1:10.3.20-0ubuntu0.19.04.1
mariadb-client-10.3 - 1:10.3.20-0ubuntu0.19.04.1
mariadb-client-core-10.3 - 1:10.3.20-0ubuntu0.19.04.1
mariadb-common - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-connect - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-cracklib-password-check -
1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-gssapi-client - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-gssapi-server - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-mroonga - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-oqgraph - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-rocksdb - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-spider - 1:10.3.20-0ubuntu0.19.04.1
mariadb-plugin-tokudb - 1:10.3.20-0ubuntu0.19.04.1
mariadb-server - 1:10.3.20-0ubuntu0.19.04.1
mariadb-server-10.3 - 1:10.3.20-0ubuntu0.19.04.1
mariadb-server-core-10.3 - 1:10.3.20-0ubuntu0.19.04.1
mariadb-test - 1:10.3.20-0ubuntu0.19.04.1
mariadb-test-data - 1:10.3.20-0ubuntu0.19.04.1

Ubuntu 18.04 LTS
libmariadbclient-dev - 1:10.1.43-0ubuntu0.18.04.1
libmariadbclient-dev-compat - 1:10.1.43-0ubuntu0.18.04.1
libmariadbclient18 - 1:10.1.43-0ubuntu0.18.04.1
libmariadbd-dev - 1:10.1.43-0ubuntu0.18.04.1
libmariadbd18 - 1:10.1.43-0ubuntu0.18.04.1
mariadb-client - 1:10.1.43-0ubuntu0.18.04.1
mariadb-client-10.1 - 1:10.1.43-0ubuntu0.18.04.1
mariadb-client-core-10.1 - 1:10.1.43-0ubuntu0.18.04.1
mariadb-common - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-connect - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-cracklib-password-check -
1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-gssapi-client - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-gssapi-server - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-mroonga - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-oqgraph - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-spider - 1:10.1.43-0ubuntu0.18.04.1
mariadb-plugin-tokudb - 1:10.1.43-0ubuntu0.18.04.1
mariadb-server - 1:10.1.43-0ubuntu0.18.04.1
mariadb-server-10.1 - 1:10.1.43-0ubuntu0.18.04.1
mariadb-server-core-10.1 - 1:10.1.43-0ubuntu0.18.04.1
mariadb-test - 1:10.1.43-0ubuntu0.18.04.1
mariadb-test-data - 1:10.1.43-0ubuntu0.18.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update will make all the
necessary changes.

References

* USN-4195-1
* CVE-2019-2938
* CVE-2019-2974

--- Mystic BBS v1.12 A43 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

From boo_ubuntu@21:4/110 to Ubuntu Users on Tuesday, October 27, 2020 16:10:03

mariadb-10.1, mariadb-10.3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 20.04 LTS
* Ubuntu 18.04 LTS

Summary

Several security issues were fixed in MariaDB.

Software Description

* mariadb-10.3 - MariaDB database
* mariadb-10.1 - MariaDB database

Details

It was discovered that MariaDB didn't properly validate the
content of a packet received from a server. A remote attacker
could use this vulnerability to sent a specialy crafted file to
cause a denial of service. (CVE-2020-13249)

It was discovered that MariaDB has other security issues. An
attacker can cause a hang or frequently repeatable crash (denial
of service). (CVE-2020-15180, CVE-2020-2752, CVE-2020-2760,
CVE-2020-2812, CVE-2020-2814)

In addition to security fixes, the updated packages contain bug
fixes, new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 20.04 LTS
mariadb-server - 1:10.3.25-0ubuntu0.20.04.1

Ubuntu 18.04 LTS
mariadb-server - 1:10.1.47-0ubuntu0.18.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart
MariaDB to make all the necessary changes.

References

* CVE-2020-13249
* CVE-2020-15180
* CVE-2020-2752
* CVE-2020-2760
* CVE-2020-2812
* CVE-2020-2814

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)

Who's Online

System Info

Sysop:	sneaky
Location:	Ashburton,NZ
Users:	3
Nodes:	8 (0 / 8)
Uptime:	47:18:04
Calls:	2,140
Calls today:	5
Files:	11,149
D/L today:	10 files (9,977K bytes)
Messages:	951,151

MariaDB vulnerabilities

Who's Online

System Info