[ALSA-2020:5503] mariadb-connector-c security, bug fix, and enhancement update

Severity Moderate

Affected Packages 7

CVEs 5

An update for mariadb-connector-c is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases.

The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993)

Security Fix(es):

mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Code utilizing plugins can't be compiled properly (BZ#1899001)
Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899005)
Replace hard-coded /usr with %{_prefix} (BZ#1899099)

Package	Affected Version
pkg:rpm/almalinux/mariadb-connector-c?arch=x86_64&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c?arch=i686&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c?arch=aarch64&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=x86_64&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=i686&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c-devel?arch=aarch64&distro=almalinux-8.3	< 3.1.11-2.el8_3
pkg:rpm/almalinux/mariadb-connector-c-config?arch=noarch&distro=almalinux-8.3	< 3.1.11-2.el8_3

ID

ALSA-2020:5503

Severity

moderate

URL

https://errata.almalinux.org/ALSA-2020:5503.html

Published

2020-12-15T16:04:12
(3 years ago)

Modified

2021-11-12T10:20:56
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2020-13249	https://vulners.com/cve/CVE-2020-13249
CVE	CVE-2020-2574	https://vulners.com/cve/CVE-2020-2574
CVE	CVE-2020-2752	https://vulners.com/cve/CVE-2020-2752
CVE	CVE-2020-2922	https://vulners.com/cve/CVE-2020-2922
CVE	CVE-2021-2007	https://vulners.com/cve/CVE-2021-2007

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/mariadb-connector-c?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-connector-c	< 3.1.11-2.el8_3	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-connector-c?arch=i686&distro=almalinux-8.3	almalinux	mariadb-connector-c	< 3.1.11-2.el8_3	almalinux-8.3	i686
Affected	pkg:rpm/almalinux/mariadb-connector-c?arch=aarch64&distro=almalinux-8.3	almalinux	mariadb-connector-c	< 3.1.11-2.el8_3	almalinux-8.3	aarch64
Affected	pkg:rpm/almalinux/mariadb-connector-c-devel?arch=x86_64&distro=almalinux-8.3	almalinux	mariadb-connector-c-devel	< 3.1.11-2.el8_3	almalinux-8.3	x86_64
Affected	pkg:rpm/almalinux/mariadb-connector-c-devel?arch=i686&distro=almalinux-8.3	almalinux	mariadb-connector-c-devel	< 3.1.11-2.el8_3	almalinux-8.3	i686
Affected	pkg:rpm/almalinux/mariadb-connector-c-devel?arch=aarch64&distro=almalinux-8.3	almalinux	mariadb-connector-c-devel	< 3.1.11-2.el8_3	almalinux-8.3	aarch64
Affected	pkg:rpm/almalinux/mariadb-connector-c-config?arch=noarch&distro=almalinux-8.3	almalinux	mariadb-connector-c-config	< 3.1.11-2.el8_3	almalinux-8.3	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date