{"id":"MGASA-2018-0139","summary":"Updated mariadb packages fix security vulnerability","details":"Vulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nPartition). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\nas well as unauthorized update, insert or delete access to some of MariaDB\nServer accessible data (CVE-2018-2562).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nDDL). Easily exploitable vulnerability allows low privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2622).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2640).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2665).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent: Server:\nOptimizer). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized ability to\ncause a hang or frequently repeatable crash (complete DOS) of MariaDB Server\n(CVE-2018-2668).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MariaDB Server. Successful\nattacks of this vulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all MariaDB Server accessible data and\nunauthorized ability to cause a hang or frequently repeatable crash (complete\nDOS) of MariaDB Server (CVE-2018-2612).\n","modified":"2026-01-31T21:19:14.503881Z","published":"2018-02-24T23:25:24Z","related":["CVE-2018-2562","CVE-2018-2612","CVE-2018-2622","CVE-2018-2640","CVE-2018-2665","CVE-2018-2668"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0139.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22608"},{"type":"REPORT","url":"https://mariadb.com/kb/en/library/mariadb-10034-release-notes/"},{"type":"REPORT","url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.0.34-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0139.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}