Source: mariadb-10.3
Version: 1:10.3.14-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for mariadb-10.3.

CVE-2019-2614[0]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Replication). Supported versions that are
| affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.
| Difficult to exploit vulnerability allows high privileged attacker
| with network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete DOS)
| of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS
| Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2627[1]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Security: Privileges). Supported versions that
| are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2628[2]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: InnoDB). Supported versions that are affected are
| 5.7.25 and prior and 8.0.15 and prior. Easily exploitable
| vulnerability allows high privileged attacker with network access via
| multiple protocols to compromise MySQL Server. Successful attacks of
| this vulnerability can result in unauthorized ability to cause a hang
| or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
| 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-2614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614
[1] https://security-tracker.debian.org/tracker/CVE-2019-2627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627
[2] https://security-tracker.debian.org/tracker/CVE-2019-2628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2628
[3] https://mariadb.com/kb/en/library/mariadb-10315-release-notes/

Regards,
Salvatore