[Buildroot] [PATCH 1/1] mariadb: security bump version to 10.1.31
Peter Korsgaard
peter at korsgaard.com
Mon Feb 19 19:34:31 UTC 2018
>>>>> "Ryan" == Ryan Coe <bluemrp9 at gmail.com> writes:
> Release notes: https://mariadb.com/kb/en/mariadb-10131-release-notes/
> Changelog: https://mariadb.com/kb/en/mariadb-10131-changelog/
> Fixes the following security vulnerabilities:
> CVE-2018-2562 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server : Partition). Supported versions that are affected are
> 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via multiple
> protocols to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently repeatable
> crash (complete DOS) of MySQL Server as well as unauthorized update, insert or
> delete access to some of MySQL Server accessible data.
> CVE-2018-2622 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58
> and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via multiple
> protocols to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently repeatable
> crash (complete DOS) of MySQL Server.
> CVE-2018-2640 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Optimizer). Supported versions that are affected are
> 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via multiple
> protocols to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently repeatable
> crash (complete DOS) of MySQL Server.
> CVE-2018-2665 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Optimizer). Supported versions that are affected are
> 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via multiple
> protocols to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently repeatable
> crash (complete DOS) of MySQL Server.
> CVE-2018-2668 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Optimizer). Supported versions that are affected are
> 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via multiple
> protocols to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently repeatable
> crash (complete DOS) of MySQL Server.
> CVE-2018-2612 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and
> prior and 5.7.20 and prior. Easily exploitable vulnerability allows high
> privileged attacker with network access via multiple protocols to compromise
> MySQL Server. Successful attacks of this vulnerability can result in
> unauthorized creation, deletion or modification access to critical data or all
> MySQL Server accessible data and unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> Signed-off-by: Ryan Coe <bluemrp9 at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list