[Buildroot] [PATCH 1/1] mariadb: security bump to version 10.1.23
Peter Korsgaard
peter at korsgaard.com
Thu Jun 1 14:06:54 UTC 2017
>>>>> "Ryan" == Ryan Coe <bluemrp9 at gmail.com> writes:
> Fixes:
>
> CVE-2017-3302 - Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and
> 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29,
> 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
>
> CVE-2017-3313 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: MyISAM). Supported versions that are affected are
> 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
> exploit vulnerability allows low privileged attacker with logon to the
> infrastructure where MySQL Server executes to compromise MySQL Server.
> Successful attacks of this vulnerability can result in unauthorized access
> to critical data or complete access to all MySQL Server accessible data.
>
> CVE-2017-3308 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: DML). Supported versions that are affected are 5.5.54
> and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. While the vulnerability is
> in MySQL Server, attacks may significantly impact additional products.
> Successful attacks of this vulnerability can result in unauthorized
> ability to cause a hang or frequently repeatable crash (complete DOS) of
> MySQL Server.
>
> CVE-2017-3309 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Optimizer). Supported versions that are affected are
> 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
> "exploitable" vulnerability allows low privileged attacker with network
> access via multiple protocols to compromise MySQL Server. While the
> vulnerability is in MySQL Server, attacks may significantly impact
> additional products. Successful attacks of this vulnerability can result
> in unauthorized ability to cause a hang or frequently repeatable crash
> (complete DOS) of MySQL Server.
>
> CVE-2017-3453 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Optimizer). Supported versions that are affected are
> 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily
> "exploitable" vulnerability allows low privileged attacker with network
> access via multiple protocols to compromise MySQL Server. Successful attacks
> of this vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
>
> CVE-2017-3456 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: DML). Supported versions that are affected are 5.5.54
> and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
> vulnerability allows high privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
>
> CVE-2017-3464 - Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54
> and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized update, insert or delete access to
> some of MySQL Server accessible data.
>
> And a number of important, but non-security related fixes:
>
> MDEV-12602: Fixed some race conditions in InnoDB encryption
> MariaDB Backup alpha introduced
> Galera wsrep library updated to 25.3.20
>
> For details, see the release notes:
> https://mariadb.com/kb/en/mariadb/mariadb-10123-release-notes/
>
> Signed-off-by: Ryan Coe <bluemrp9 at gmail.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard