{"id":"MGASA-2018-0259","summary":"Updated mariadb packages fix security vulnerabilities","details":"Updated mariadb packages fix security vulnerabilities:\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Replication). Difficult to exploit vulnerability allows\nunauthenticated attacker with logon to the infrastructure where MariaDB\nServer executes to compromise MariaDB Server. Successful attacks require\nhuman interaction from a person other than the attacker and while the\nvulnerability is in MariaDB Server, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result\nin takeover of MariaDB Server (CVE-2018-2755).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nClient programs). Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2761).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer (CVE-2018-2766).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Locking). Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2771).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Optimizer). Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2781).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer (CVE-2018-2782).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer (CVE-2018-2784).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer as well as unauthorized update, insert or delete access to some of\nMariaDB Server accessible data (CVE-2018-2787).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: DDL). Easily exploitable vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nread access to a subset of MariaDB Server accessible data (CVE-2018-2813).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: DDL). Easily exploitable vulnerability allows low privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2817).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer (CVE-2018-2819).\n","modified":"2026-04-16T06:26:32.532899099Z","published":"2018-05-29T19:41:14Z","upstream":["CVE-2018-2755","CVE-2018-2761","CVE-2018-2766","CVE-2018-2771","CVE-2018-2781","CVE-2018-2782","CVE-2018-2784","CVE-2018-2787","CVE-2018-2813","CVE-2018-2817","CVE-2018-2819"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0259.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23058"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10035-release-notes/"},{"type":"WEB","url":"https://mariadb.org/mariadb-10-0-35-mariadb-galera-cluster-5-5-60-and-mariadb-connector-c-3-0-4-now-available/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.35-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0259.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}