{"id":"MGASA-2018-0335","summary":"Updated mariadb packages fix security vulnerabilities","details":"Updated mariadb packages fix security vulnerabilities:\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nMyISAM). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nupdate, insert or delete access to some of MariaDB Server accessible\ndata (CVE-2018-3058).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Security: Privileges). Easily exploitable vulnerability allows\nhigh privileged attacker with network access via multiple protocols to\ncompromise MariaDB Server. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a hang or frequently repeatable\ncrash (complete DOS) of MariaDB Server (CVE-2018-3063).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nInnoDB). Easily exploitable vulnerability allows low privileged attacker\nwith network access via multiple protocols to compromise MariaDB Server.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMariaDB Server as well as unauthorized update, insert or delete access\nto some of MariaDB Server accessible data (CVE-2018-3064).\n\nVulnerability in the MariaDB Server component of MariaDB (subcomponent:\nServer: Options). Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to \ncompromise MariaDB Server. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of MariaDB\nServer accessible data as well as unauthorized read access to a subset of\nMariaDB Server accessible data (CVE-2018-3066).\n","modified":"2026-04-16T01:48:03.101858140Z","published":"2018-08-12T20:39:12Z","upstream":["CVE-2018-3058","CVE-2018-3063","CVE-2018-3064","CVE-2018-3066"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0335.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23271"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10134-release-notes/"},{"type":"WEB","url":"https://mariadb.com/kb/en/library/mariadb-10135-release-notes/"},{"type":"WEB","url":"https://mariadb.org/mariadb-10-1-34-and-latest-mariadb-connectors-now-available/"},{"type":"WEB","url":"https://mariadb.org/mariadb-10-1-35-and-mariadb-galera-cluster-10-0-36-now-available/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mariadb?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.1.35-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0335.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}