Fedora 29 update for mariadb

1) Input validation error

EUVDB-ID: #VU33736

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3282

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU6666

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-9843

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in zlib due to big-endian out-of-bounds pointer. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU33747

Risk: Low

CVSSv4.0: 0.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2018-3174

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to a crash the entire system.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU33743

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3143

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU33744

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU33750

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3251

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU33748

Risk: Medium

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3185

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU33751

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3277

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU33745

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3162

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU33746

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3173

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU33749

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-3200

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU33752

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-3284

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

mariadb: before 10.3.11-1.fc29

CPE2.3

• cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
• cpe:2.3:a:fedoraproject:mariadb:*:*:*:*:*:fedora:*:*

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-242f6c1a41

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.