SUSE-SU-2020:3625-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203625-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3625-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3625-1
Related
Published
2020-12-04T11:52:48Z
Modified
2020-12-04T11:52:48Z
Summary
Security update for mariadb
Details

This update for mariadb includes the following fixes:

Security fixes included in this update:

  • CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server.
  • CVE-2020-14812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-14765: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-14776: Fixed an issue which could have resulted in unauthorized ability of accessing data.
  • CVE-2020-14789: Fixed an issue which could have resulted in unauthorized ability to cause denial of service.
  • CVE-2020-15180: Fixed an issue in Galera which could have led to remote code execution.

Non Security fixes included in this update:

  • Update to 10.2.36 GA [bsc#1177472] and [bsc#1178428]
    • release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10236-release-notes https://mariadb.com/kb/en/library/mariadb-10236-changelog https://mariadb.com/kb/en/library/mariadb-10235-release-notes https://mariadb.com/kb/en/library/mariadb-10235-changelog https://mariadb.com/kb/en/library/mariadb-10234-release-notes https://mariadb.com/kb/en/library/mariadb-10234-changelog
    • fixes for the following security vulnerabilities: 10.2.36: none 10.2.35: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 10.2.34: CVE-2020-15180

  • update suseskippedtests.list

  • Update to 10.2.33 GA [bsc#1175596]

    • release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10233-release-notes https://mariadb.com/kb/en/library/mariadb-10233-changelog
    • fixes for the following security vulnerabilities: none
  • refresh mariadb-10.2.4-fortify-and-O.patch
  • tune the testsuite to avoid randomly failing tests

  • update suseskippedtests.list

  • Update to 10.2.32 GA [bsc#1171550]

    • Fixes for the following security vulnerabilities: CVE-2020-2752, CVE-2020-2812, CVE-2020-2814, CVE-2020-2760, CVE-2020-13249
    • release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10232-release-notes https://mariadb.com/kb/en/library/mariadb-10232-changelog
  • refresh mariadb-10.2.4-fortify-and-O.patch
  • drop specfile 'hacks' as things work correctly in upstream now:
    • renaming tmpfiles.conf -> mariadb.conf
    • installing pamusermap.so to /lib64/security for non 32bit architectures
    • sysusers.conf was renamed to mariadb.conf
  • update suseskippedtests.list
References

Affected packages

SUSE:OpenStack Cloud 7 / mariadb

Package

Name
mariadb
Purl
purl:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.2.36-19.1

Ecosystem specific 

{
    "binaries": [
        {
            "mariadb-galera": "10.2.36-19.1",
            "mariadb-errormessages": "10.2.36-19.1",
            "mariadb": "10.2.36-19.1",
            "mariadb-tools": "10.2.36-19.1",
            "mariadb-client": "10.2.36-19.1"
        }
    ]
}