Source: mariadb-10.3
Version: 1:10.3.12-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerabilities were published for mariadb-10.3, they are
listed as to be fixed in 10.3.13[2].

CVE-2019-2510[0]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: InnoDB). Supported versions that are affected are
| 5.7.24 and prior and 8.0.13 and prior. Easily exploitable
| vulnerability allows high privileged attacker with network access via
| multiple protocols to compromise MySQL Server. Successful attacks of
| this vulnerability can result in unauthorized ability to cause a hang
| or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
| 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2019-2537[1]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: DDL). Supported versions that are affected are
| 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily
| exploitable vulnerability allows high privileged attacker with network
| access via multiple protocols to compromise MySQL Server. Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-2510
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2510
[1] https://security-tracker.debian.org/tracker/CVE-2019-2537
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2537
[2] https://mariadb.com/kb/en/library/mariadb-10313-release-notes/

Regards,
Salvatore