[ALSA-2020:5503] mariadb-connector-c security, bug fix, and enhancement update
An update for mariadb-connector-c is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases.
The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993)
Security Fix(es):
mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Code utilizing plugins can't be compiled properly (BZ#1899001)
Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899005)
Replace hard-coded /usr with %{_prefix} (BZ#1899099)
Package | Affected Version |
---|---|
pkg:rpm/almalinux/mariadb-connector-c?arch=x86_64&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c?arch=i686&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c?arch=aarch64&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=x86_64&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=i686&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=aarch64&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/almalinux/mariadb-connector-c-config?arch=noarch&distro=almalinux-8.3 | < 3.1.11-2.el8_3 |
- ID
- ALSA-2020:5503
- Severity
- moderate
- URL
- https://errata.almalinux.org/ALSA-2020:5503.html
- Published
-
2020-12-15T16:04:12
(3 years ago) - Modified
-
2021-11-12T10:20:56
(2 years ago) - Rights
- Copyright 2021 AlmaLinux OS
- Other Advisories
-
- ALAS2-2020-1537
- ALPINE:CVE-2020-13249
- ALPINE:CVE-2020-2574
- ALPINE:CVE-2020-2752
- ALSA-2019:3708
- ALSA-2020:3732
- ALSA-2020:5500
- ELSA-2020-3732
- ELSA-2020-4026
- ELSA-2020-5500
- ELSA-2020-5503
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2021-b1d1655cef
- FEDORA-2021-db50ab62d3
- FREEBSD:622B5C47-855B-11EA-A5E2-D4C9EF517024
- FREEBSD:A6CF65AD-37D2-11EA-A1C7-B499BAEBFEAF
- FREEBSD:CB0183BB-45F6-11EA-A1C7-B499BAEBFEAF
- GLSA-202012-08
- GLSA-202105-27
- openSUSE-SU-2020:0289-1
- openSUSE-SU-2020:0738-1
- openSUSE-SU-2020:0870-1
- RHSA-2019:3708
- RHSA-2020:1100
- RHSA-2020:3732
- RHSA-2020:4026
- RHSA-2020:5500
- RHSA-2020:5503
- RLSA-2019:3708
- RLSA-2020:3732
- RLSA-2020:5500
- RLSA-2020:5503
- SSA:2020-133-01
- SUSE-SU-2020:0496-1
- SUSE-SU-2020:0505-1
- SUSE-SU-2020:0523-1
- SUSE-SU-2020:0527-1
- SUSE-SU-2020:0640-1
- SUSE-SU-2020:0831-1
- SUSE-SU-2020:1423-1
- SUSE-SU-2020:1431-1
- SUSE-SU-2020:1625-1
- SUSE-SU-2020:1710-1
- SUSE-SU-2020:1711-1
- SUSE-SU-2020:1798-1
- SUSE-SU-2020:3625-1
- USN-4250-1
- USN-4250-2
- USN-4350-1
- USN-4603-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-13249 | https://vulners.com/cve/CVE-2020-13249 | |
CVE | CVE-2020-2574 | https://vulners.com/cve/CVE-2020-2574 | |
CVE | CVE-2020-2752 | https://vulners.com/cve/CVE-2020-2752 | |
CVE | CVE-2020-2922 | https://vulners.com/cve/CVE-2020-2922 | |
CVE | CVE-2021-2007 | https://vulners.com/cve/CVE-2021-2007 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/mariadb-connector-c?arch=x86_64&distro=almalinux-8.3 | almalinux | mariadb-connector-c | < 3.1.11-2.el8_3 | almalinux-8.3 | x86_64 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c?arch=i686&distro=almalinux-8.3 | almalinux | mariadb-connector-c | < 3.1.11-2.el8_3 | almalinux-8.3 | i686 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c?arch=aarch64&distro=almalinux-8.3 | almalinux | mariadb-connector-c | < 3.1.11-2.el8_3 | almalinux-8.3 | aarch64 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c-devel?arch=x86_64&distro=almalinux-8.3 | almalinux | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | almalinux-8.3 | x86_64 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c-devel?arch=i686&distro=almalinux-8.3 | almalinux | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | almalinux-8.3 | i686 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c-devel?arch=aarch64&distro=almalinux-8.3 | almalinux | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | almalinux-8.3 | aarch64 | |
Affected | pkg:rpm/almalinux/mariadb-connector-c-config?arch=noarch&distro=almalinux-8.3 | almalinux | mariadb-connector-c-config | < 3.1.11-2.el8_3 | almalinux-8.3 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |