SUSE-SU-2020:3625-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3625-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:3625-1
- Related
- Published
- 2020-12-04T11:52:48Z
- Modified
- 2020-12-04T11:52:48Z
- Summary
- Security update for mariadb
- Details
-
This update for mariadb includes the following fixes:
Security fixes included in this update:
- CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server.
- CVE-2020-14812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-14765: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-14776: Fixed an issue which could have resulted in unauthorized ability of accessing data.
- CVE-2020-14789: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
- CVE-2020-15180: Fixed an issue in Galera which could have led to remote code execution.
Non Security fixes included in this update:
- Update to 10.2.36 GA [bsc#1177472] and [bsc#1178428]
- release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10236-release-notes https://mariadb.com/kb/en/library/mariadb-10236-changelog https://mariadb.com/kb/en/library/mariadb-10235-release-notes https://mariadb.com/kb/en/library/mariadb-10235-changelog https://mariadb.com/kb/en/library/mariadb-10234-release-notes https://mariadb.com/kb/en/library/mariadb-10234-changelog
- fixes for the following security vulnerabilities: 10.2.36: none 10.2.35: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 10.2.34: CVE-2020-15180
update suseskippedtests.list
Update to 10.2.33 GA [bsc#1175596]
- release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10233-release-notes https://mariadb.com/kb/en/library/mariadb-10233-changelog
- fixes for the following security vulnerabilities: none
- refresh mariadb-10.2.4-fortify-and-O.patch
- tune the testsuite to avoid randomly failing tests
update suseskippedtests.list
Update to 10.2.32 GA [bsc#1171550]
- Fixes for the following security vulnerabilities: CVE-2020-2752, CVE-2020-2812, CVE-2020-2814, CVE-2020-2760, CVE-2020-13249
- release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10232-release-notes https://mariadb.com/kb/en/library/mariadb-10232-changelog
- refresh mariadb-10.2.4-fortify-and-O.patch
- drop specfile 'hacks' as things work correctly in upstream now:
- renaming tmpfiles.conf -> mariadb.conf
- installing pamusermap.so to /lib64/security for non 32bit architectures
- sysusers.conf was renamed to mariadb.conf
- update suseskippedtests.list
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20203625-1/
- https://bugzilla.suse.com/1171550
- https://bugzilla.suse.com/1175596
- https://bugzilla.suse.com/1177472
- https://bugzilla.suse.com/1178428
- https://www.suse.com/security/cve/CVE-2020-13249
- https://www.suse.com/security/cve/CVE-2020-14765
- https://www.suse.com/security/cve/CVE-2020-14776
- https://www.suse.com/security/cve/CVE-2020-14789
- https://www.suse.com/security/cve/CVE-2020-14812
- https://www.suse.com/security/cve/CVE-2020-15180
- https://www.suse.com/security/cve/CVE-2020-2752
- https://www.suse.com/security/cve/CVE-2020-2760
- https://www.suse.com/security/cve/CVE-2020-2812
- https://www.suse.com/security/cve/CVE-2020-2814