[Cucumber-linux-security] mariadb (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
Menu
▾
▴
[Cucumber-linux-security] mariadb (security update is available)
|
From: Scott C. <sc...@cu...> - 2018-05-10 20:10:03
|
Update Information A security update is available for mariadb for the following versions of Cucumber Linux: * 1.0 * 1.1 Here are the details from the Cucumber 1.1 changelog: +----------------+ Thu May 10 15:22:51 EDT 2018 net-general/mariadb upgraded from 10.1.32 to 10.1.33 to fix several security vulnerabilities: CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2766 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 and CVE-2018-2813. The worst of these (CVE-2018-2755) was a very difficult to exploit vulnerability that allowed for a complete takeover of a MariaDB server only if an attacker could successfully get someone with legitimate access to the server to perform an action. CVE-2018-2813 allowed for unauthorized read access to a subset of the MariaDB server accessible data. The remaining vulnerabilities all allowed for a denial of service attacks (server crashes). For more information see: https://mariadb.com/kb/en/library/mariadb-10133-release-notes/ https://security.cucumberlinux.com/security/details.php?id=387 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782 https://security.cucumberlinux.com/security/details.php?id=388 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784 https://security.cucumberlinux.com/security/details.php?id=389 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787 https://security.cucumberlinux.com/security/details.php?id=390 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766 https://security.cucumberlinux.com/security/details.php?id=391 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755 https://security.cucumberlinux.com/security/details.php?id=392 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819 https://security.cucumberlinux.com/security/details.php?id=393 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817 https://security.cucumberlinux.com/security/details.php?id=394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761 https://security.cucumberlinux.com/security/details.php?id=395 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781 https://security.cucumberlinux.com/security/details.php?id=396 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771 https://security.cucumberlinux.com/security/details.php?id=397 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.32 to 10.1.33 (x86_64 only) * SECURITY FIX * +----------------+ ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-387 [CVE-2018-2782] (https://security.cucumberlinux.com/security/details.php?id=387) * CLD-388 [CVE-2018-2784] (https://security.cucumberlinux.com/security/details.php?id=388) * CLD-389 [CVE-2018-2787] (https://security.cucumberlinux.com/security/details.php?id=389) * CLD-390 [CVE-2018-2766] (https://security.cucumberlinux.com/security/details.php?id=390) * CLD-391 [CVE-2018-2755] (https://security.cucumberlinux.com/security/details.php?id=391) * CLD-392 [CVE-2018-2819] (https://security.cucumberlinux.com/security/details.php?id=392) * CLD-393 [CVE-2018-2817] (https://security.cucumberlinux.com/security/details.php?id=393) * CLD-394 [CVE-2018-2761] (https://security.cucumberlinux.com/security/details.php?id=394) * CLD-395 [CVE-2018-2781] (https://security.cucumberlinux.com/security/details.php?id=395) * CLD-396 [CVE-2018-2771] (https://security.cucumberlinux.com/security/details.php?id=396) * CLD-397 [CVE-2018-2813] (https://security.cucumberlinux.com/security/details.php?id=397) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure mariadb is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> https://www.cucumberlinux.com/security.php |
