From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH-2018.02.x 2/2] mariadb: security bump to version 10.1.37
Date: Sun, 25 Nov 2018 21:15:26 +0100 [thread overview]
Message-ID: <874lc46hi9.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20181123204450.26813-2-peter@korsgaard.com> (Peter Korsgaard's message of "Fri, 23 Nov 2018 21:44:50 +0100")
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> CVE-2018-3282: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Storage Engines). Supported versions that are
> affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12
> and prior. Easily exploitable vulnerability allows high privileged attacker
> with network access via multiple protocols to compromise MySQL Server.
> Successful attacks of this vulnerability can result in unauthorized ability
> to cause a hang or frequently repeatable crash (complete DOS) of MySQL
> Server.
> CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow
> context-dependent attackers to have unspecified impact via vectors involving
> big-endian CRC calculation.
> CVE-2018-3174: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Client programs). Supported versions that are affected are
> 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior.
> Difficult to exploit vulnerability allows high privileged attacker with
> logon to the infrastructure where MySQL Server executes to compromise MySQL
> Server. While the vulnerability is in MySQL Server, attacks may
> significantly impact additional products. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3143: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3156: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> CVE-2018-3251: Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and
> prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of this
> vulnerability can result in unauthorized ability to cause a hang or
> frequently repeatable crash (complete DOS) of MySQL Server.
> The README has gotten a few extra URLs added, so update the sha256 to match.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2018-11-25 20:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-23 20:44 [Buildroot] [PATCH-2018.02.x 1/2] mariadb: drop my-small.cnf handling Peter Korsgaard
2018-11-23 20:44 ` [Buildroot] [PATCH-2018.02.x 2/2] mariadb: security bump to version 10.1.37 Peter Korsgaard
2018-11-25 20:15 ` Peter Korsgaard [this message]
2018-11-25 20:15 ` [Buildroot] [PATCH-2018.02.x 1/2] mariadb: drop my-small.cnf handling Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874lc46hi9.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox