[Buildroot] [PATCH-2018.02.x 2/2] mariadb: security bump to version 10.1.37
Peter Korsgaard
peter at korsgaard.com
Sun Nov 25 20:15:26 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Storage Engines). Supported versions that are
> affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
> and prior. Easily exploitable vulnerability allows high privileged attacker
> with network access via multiple protocols to compromise MySQL Server.
> Successful attacks of this vulnerability can result in unauthorized ability
> to cause a hang or frequently repeatable crash (complete DOS) of MySQL
> Server.
> CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow
> context-dependent attackers to have unspecified impact via vectors involving
> big-endian CRC calculation.
> CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Client programs). Supported versions that are affected are
> 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
> Difficult to exploit vulnerability allows high privileged attacker with
> logon to the infrastructure where MySQL Server executes to compromise MySQL
> Server. While the vulnerability is in MySQL Server, attacks may
> significantly impact additional products. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> The README has gotten a few extra URLs added, so update the sha256 to match.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list