{"id":"MGASA-2018-0359","summary":"Updated mariadb packages fix security vulnerability","details":"Updated mariadb packages fix security vulnerabilities:\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nMyISAM). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MariaDB Server accessible\ndata (CVE-2018-3058).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Security: Privileges). Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MariaDB Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently repeatable\ncrash (complete DOS) of MariaDB Server (CVE-2018-3063).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a hang or frequently repeatable crash (complete DOS) of MariaDB\nServer as well as unauthorized update, insert or delete access to some of\nMariaDB Server accessible data (CVE-2018-3064).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Options). Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MariaDB\nServer. Successful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MariaDB Server accessible data\nas well as unauthorized read access to a subset of MariaDB Server\naccessible data (CVE-2018-3066).\n","modified":"2026-04-16T06:24:58.473934363Z","published":"2018-08-31T21:11:59Z","upstream":["CVE-2018-3058","CVE-2018-3063","CVE-2018-3065","CVE-2018-3066"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0359.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23407"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10036-release-notes/"},{"type":"WEB","url":"https://mariadb.org/mariadb-10-0-36-now-available/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.36-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0359.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}