[Buildroot] [PATCH 1/1] package/mariadb: security bump to 10.3.22
Peter Korsgaard
peter at korsgaard.com
Tue Mar 10 20:40:41 UTC 2020
>>>>> "Ryan" == Ryan Coe <bluemrp9 at gmail.com> writes:
> Release notes:
> https://mariadb.com/kb/en/library/mariadb-10322-release-notes/
> Changelog:
> https://mariadb.com/kb/en/library/mariadb-10322-changelog/
> Fixes the following security vulnerability (10.3.22):
> CVE-2020-2574 - Vulnerability in the MySQL Client product of Oracle MySQL
> (component: C API). Supported versions that are affected are 5.6.46 and
> prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit
> vulnerability allows unauthenticated attacker with network access via
> multiple protocols to compromise MySQL Client. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Client.
> Fixes the following security vulnerabilities (10.3.19):
> CVE-2019-2974 - Vulnerability in the MySQL Server product of Oracle MySQL
> (component: Server: Optimizer). Supported versions that are affected are
> 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2019-2938 - Vulnerability in the MySQL Server product of Oracle MySQL
> (component: InnoDB). Supported versions that are affected are 5.7.27 and
> prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high
> privileged attacker with network access via multiple protocols to compromise
> MySQL Server. Successful attacks of this vulnerability can result in
> unauthorized ability to cause a hang or frequently repeatable crash
> (complete DOS) of MySQL Server.
> Patch 0002-fix-build-error-with-newer-cmake.patch has been removed as it
> has been applied upstream.
> Signed-off-by: Ryan Coe <bluemrp9 at gmail.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list