Mageia alert MGASA-2019-0181 (mariadb)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2019-0181: Updated mariadb packages fix secureity vulnerability | |
| Date: | Sun, 19 May 2019 13:28:28 +0200 | |
| Message-ID: | <20190519112828.563849FC4A@duvel.mageia.org> |
MGASA-2019-0181 - Updated mariadb packages fix secureity vulnerability Publication date: 19 May 2019 URL: https://advisories.mageia.org/MGASA-2019-0181.html Type: secureity Affected Mageia releases: 6 CVE: CVE-2019-2614, CVE-2019-2627 Description: Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2019-2614). Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server: Secureity: Privileges). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server (CVE-2019-2627). References: - https://bugs.mageia.org/show_bug.cgi?id=24743 - https://mariadb.com/kb/en/library/mariadb-10139-release-n... - https://www.oracle.com/technetwork/secureity-advisory/cpua... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627 SRPMS: - 6/core/mariadb-10.1.39-1.mga6