{"id":"MGASA-2018-0269","summary":"Updated mariadb packages fix security vulnerabilities","details":"Updated mariadb packages fix security vulnerabilities:\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nPartition). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\nas well as unauthorized update, insert or delete access to some of MariaDB\nServer accessible data (CVE-2018-2562).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nDDL). Easily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2622).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2640).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2665).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2668).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all MariaDB Server accessible data and\nunauthorized ability to cause a hang or frequently repeatable crash (complete\nDOS) of MariaDB Server (CVE-2018-2612).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Replication). Difficult to exploit vulnerability allows\nunauthenticated attacker with logon to the infrastructure where MariaDB Server\nexecutes to compromise MariaDB Server. Successful attacks require human\ninteraction from a person other than the attacker and while the vulnerability\nis in MariaDB Server, attacks may significantly impact additional products.\nSuccessful attacks of this vulnerability can result in takeover of MariaDB\nServer (CVE-2018-2755).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Client\nprograms). Difficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2761).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2766).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Locking). Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2771).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Optimizer). Easily exploitable vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server (CVE-2018-2781).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2782).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2784).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server as well\nas unauthorized update, insert or delete access to some of MariaDB Server\naccessible data (CVE-2018-2787).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: DDL). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized read\naccess to a subset of MariaDB Server accessible data (CVE-2018-2813).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: DDL). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2817).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2819).\n","modified":"2026-04-16T06:23:50.142149296Z","published":"2018-06-04T15:11:47Z","upstream":["CVE-2018-2562","CVE-2018-2612","CVE-2018-2622","CVE-2018-2640","CVE-2018-2665","CVE-2018-2668","CVE-2018-2755","CVE-2018-2761","CVE-2018-2766","CVE-2018-2771","CVE-2018-2781","CVE-2018-2782","CVE-2018-2784","CVE-2018-2787","CVE-2018-2813","CVE-2018-2817","CVE-2018-2819"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0269.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22607"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10131-release-notes/"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10132-release-notes/"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10133-release-notes/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.1.33-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0269.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}