You are here
Home > Preporuke > Sigurnosni nedostatak programskih paketa mariadb-10.1 i mariadb-10.3

Sigurnosni nedostatak programskih paketa mariadb-10.1 i mariadb-10.3

==========================================================================
Ubuntu Security Notice USN-4250-2
February 06, 2020

mariadb-10.1, mariadb-10.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

MariaDB clients could be made to crash if they received specially
crafted input.

Software Description:
– mariadb-10.3: MariaDB database
– mariadb-10.1: MariaDB database

Details:

It was discovered that an unspecified vulnerability existed in the C API
component of MariaDB. An attacker could use this to cause a denial of
service for MariaDB clients.

MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in
Ubuntu 18.04 LTS.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libmariadb3 1:10.3.22-0ubuntu0.19.10.1
libmariadbd19 1:10.3.22-0ubuntu0.19.10.1
mariadb-client 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-10.3 1:10.3.22-0ubuntu0.19.10.1
mariadb-client-core-10.3 1:10.3.22-0ubuntu0.19.10.1
mariadb-common 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-connect 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-cracklib-password-check 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-gssapi-client 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-gssapi-server 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-mroonga 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-oqgraph 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-rocksdb 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-spider 1:10.3.22-0ubuntu0.19.10.1
mariadb-plugin-tokudb 1:10.3.22-0ubuntu0.19.10.1
mariadb-server 1:10.3.22-0ubuntu0.19.10.1
mariadb-server-10.3 1:10.3.22-0ubuntu0.19.10.1
mariadb-server-core-10.3 1:10.3.22-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
libmariadbclient18 1:10.1.44-0ubuntu0.18.04.1
libmariadbd18 1:10.1.44-0ubuntu0.18.04.1
mariadb-client 1:10.1.44-0ubuntu0.18.04.1
mariadb-client-10.1 1:10.1.44-0ubuntu0.18.04.1
mariadb-client-core-10.1 1:10.1.44-0ubuntu0.18.04.1
mariadb-common 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-connect 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-cracklib-password-check 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-gssapi-client 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-gssapi-server 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-mroonga 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-oqgraph 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-spider 1:10.1.44-0ubuntu0.18.04.1
mariadb-plugin-tokudb 1:10.1.44-0ubuntu0.18.04.1
mariadb-server 1:10.1.44-0ubuntu0.18.04.1
mariadb-server-10.1 1:10.1.44-0ubuntu0.18.04.1
mariadb-server-core-10.1 1:10.1.44-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary

References:
https://usn.ubuntu.com/4250-2
https://usn.ubuntu.com/4250-1
CVE-2020-2574, https://mariadb.com/kb/en/mariadb-10144-release-notes/, https://mariadb.com/kb/en/mariadb-10322-release-notes/

Package Information:
https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.22-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/mariadb-10.1/1:10.1.44-0ubuntu0.18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl48uGUACgkQLwmejQBe
gfRpxQ//fgygE7iKlzF0TVhU2E53Ni+byUT8dilZkBvdxJqrKPN74axxlYcDZTPc
pst9ki1wG8uGbkS8qxX6fGAfkBA6VNNmHaW9Xmur+l1mnSvVCK46VhqJAPcFqg9N
DKJIgV/V0rFs7T4pCKfyTa0dHFN3+/0A/rVAeIJLVr+xHAuRpKXN3YSsV5+O+7dA
LEdkjsQzjccvSTmADRW8yPp94lqDEd9WAbApWDH3vK/i+DLSrKFNbS7g0WOvg3OU
sNlGSxsx3C8+diGs1oAGsgY55Xn5BV1LtSMdXnkTNBtn9AeyJZZ7UsluwMDSdiMO
RieW86OCJ/REKoPx4mJw7b1nfAO6tSmEi+lJ2+igxH++IkEoDOwmLGKeinGjjp8W
tEtQ/wPh8xaP/T2zaBdWlSAp0l4WKLhG8jGh7iuFErjcTzNl1ZLyLibY2k3aQAmY
DuKFkcSWdfWvWz8dGf1px6kGatrEyqPS7KLO4BqV2Dmpg8FkwdXF9Ym2g0YkY/vS
5GCvms/Z3vhfH8EI76UrC4vVWRY9Zec8GbZVYfXwR6fDNlpDelaxJVJBdRIdrrRb
HItMAX1Q31QRxEbcWX/AN+NKWQ1VUufTaMPnpZag7Q3GBxqry+g/KVkr6yTrhclw
CG00DSfXAFqEli8JoaRebMBxq1BxKzJi+VBMQDocABk8cW0MjIE=
=z4xA
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libxmlrpc3

Otkriven je sigurnosni nedostatak u programskoj biblioteci libxmlrpc3 za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close