[Buildroot] [PATCH 1/1] mariadb: security bump version to 10.1.31

Peter Korsgaard peter at korsgaard.com
Mon Feb 19 19:34:31 UTC 2018


>>>>> "Ryan" == Ryan Coe <bluemrp9 at gmail.com> writes:

 > Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
 > Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/

 > Fixes the following security vulnerabilities:

 > CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: Server : Partition). Supported versions that are affected are
 > 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
 > vulnerability allows low privileged attacker with network access via multiple
 > protocols to compromise MySQL Server. Successful attacks of this vulnerability
 > can result in unauthorized ability to cause a hang or frequently repeatable
 > crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
 > delete access to some of MySQL Server accessible data.

 > CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
 > and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
 > vulnerability allows low privileged attacker with network access via multiple
 > protocols to compromise MySQL Server. Successful attacks of this vulnerability
 > can result in unauthorized ability to cause a hang or frequently repeatable
 > crash (complete DOS) of MySQL Server.

 > CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: Server: Optimizer). Supported versions that are affected are
 > 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
 > vulnerability allows low privileged attacker with network access via multiple
 > protocols to compromise MySQL Server. Successful attacks of this vulnerability
 > can result in unauthorized ability to cause a hang or frequently repeatable
 > crash (complete DOS) of MySQL Server.

 > CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: Server: Optimizer). Supported versions that are affected are
 > 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
 > vulnerability allows low privileged attacker with network access via multiple
 > protocols to compromise MySQL Server. Successful attacks of this vulnerability
 > can result in unauthorized ability to cause a hang or frequently repeatable
 > crash (complete DOS) of MySQL Server.

 > CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: Server: Optimizer). Supported versions that are affected are
 > 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
 > vulnerability allows low privileged attacker with network access via multiple
 > protocols to compromise MySQL Server. Successful attacks of this vulnerability
 > can result in unauthorized ability to cause a hang or frequently repeatable
 > crash (complete DOS) of MySQL Server.

 > CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
 > (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
 > prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
 > privileged attacker with network access via multiple protocols to compromise
 > MySQL Server. Successful attacks of this vulnerability can result in
 > unauthorized creation, deletion or modification access to critical data or all
 > MySQL Server accessible data and unauthorized ability to cause a hang or
 > frequently repeatable crash (complete DOS) of MySQL Server.

 > Signed-off-by: Ryan Coe <bluemrp9 at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list