[RHSA-2020:5503] mariadb-connector-c security, bug fix, and enhancement update
The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases.
The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993)
Security Fix(es):
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
- mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
- mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Code utilizing plugins can't be compiled properly (BZ#1899001)
- Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899005)
- Replace hard-coded /usr with %{_prefix} (BZ#1899099)
Package | Affected Version |
---|---|
pkg:rpm/redhat/mariadb-connector-c?arch=x86_64&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c?arch=s390x&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c?arch=ppc64le&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c?arch=i686&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c?arch=aarch64&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-devel?arch=x86_64&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-devel?arch=s390x&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-devel?arch=ppc64le&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-devel?arch=i686&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-devel?arch=aarch64&distro=redhat-8.3 | < 3.1.11-2.el8_3 |
pkg:rpm/redhat/mariadb-connector-c-config?distro=redhat-8.3 | < 3.1.11-2.el8_3 |
- ID: RHSA-2020:5503
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2020:5503
- Published: 2020-12-15T00:00:00
- Modified: 2020-12-15T00:00:00
- Rights: Copyright 2020 Red Hat, Inc.

Other Advisories:
- ALAS2-2020-1537
- ALPINE:CVE-2020-13249
- ALPINE:CVE-2020-2574
- ALPINE:CVE-2020-2752
- ALSA-2019:3708
- ALSA-2020:3732
- ALSA-2020:5500
- ALSA-2020:5503
- ELSA-2020-3732
- ELSA-2020-4026
- ELSA-2020-5500
- ELSA-2020-5503
- FEDORA-2020-35f52d9370
- FEDORA-2020-ac2d47d89a
- FEDORA-2021-b1d1655cef
- FEDORA-2021-db50ab62d3
- FREEBSD:622B5C47-855B-11EA-A5E2-D4C9EF517024
- FREEBSD:A6CF65AD-37D2-11EA-A1C7-B499BAEBFEAF
- FREEBSD:CB0183BB-45F6-11EA-A1C7-B499BAEBFEAF
- GLSA-202012-08
- GLSA-202105-27
- openSUSE-SU-2020:0289-1
- openSUSE-SU-2020:0738-1
- openSUSE-SU-2020:0870-1
- RHSA-2019:3708
- RHSA-2020:1100
- RHSA-2020:3732
- RHSA-2020:4026
- RHSA-2020:5500
- RLSA-2019:3708
- RLSA-2020:3732
- RLSA-2020:5500
- RLSA-2020:5503
- SSA:2020-133-01
- SUSE-SU-2020:0496-1
- SUSE-SU-2020:0505-1
- SUSE-SU-2020:0523-1
- SUSE-SU-2020:0527-1
- SUSE-SU-2020:0640-1
- SUSE-SU-2020:0831-1
- SUSE-SU-2020:1423-1
- SUSE-SU-2020:1431-1
- SUSE-SU-2020:1625-1
- SUSE-SU-2020:1710-1
- SUSE-SU-2020:1711-1
- SUSE-SU-2020:1798-1
- SUSE-SU-2020:3625-1
- USN-4250-1
- USN-4250-2
- USN-4350-1
- USN-4603-1
Source | ID | URL |
---|---|---|
Bugzilla | 1798587 | https://bugzilla.redhat.com/1798587 |
Bugzilla | 1835849 | https://bugzilla.redhat.com/1835849 |
Bugzilla | 1835850 | https://bugzilla.redhat.com/1835850 |
Bugzilla | 1839827 | https://bugzilla.redhat.com/1839827 |
Bugzilla | 1922382 | https://bugzilla.redhat.com/1922382 |
RHSA | RHSA-2020:5503 | https://access.redhat.com/errata/RHSA-2020:5503 |
CVE | CVE-2020-13249 | https://access.redhat.com/security/cve/CVE-2020-13249 |
CVE | CVE-2020-2574 | https://access.redhat.com/security/cve/CVE-2020-2574 |
CVE | CVE-2020-2752 | https://access.redhat.com/security/cve/CVE-2020-2752 |
CVE | CVE-2020-2922 | https://access.redhat.com/security/cve/CVE-2020-2922 |
CVE | CVE-2021-2007 | https://access.redhat.com/security/cve/CVE-2021-2007 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/mariadb-connector-c?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-connector-c | < 3.1.11-2.el8_3 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-connector-c?arch=s390x&distro=redhat-8.3 | redhat | mariadb-connector-c | < 3.1.11-2.el8_3 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-connector-c?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-connector-c | < 3.1.11-2.el8_3 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-connector-c?arch=i686&distro=redhat-8.3 | redhat | mariadb-connector-c | < 3.1.11-2.el8_3 | redhat-8.3 | i686 | |
Affected | pkg:rpm/redhat/mariadb-connector-c?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-connector-c | < 3.1.11-2.el8_3 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-connector-c-devel?arch=x86_64&distro=redhat-8.3 | redhat | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/mariadb-connector-c-devel?arch=s390x&distro=redhat-8.3 | redhat | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | redhat-8.3 | s390x | |
Affected | pkg:rpm/redhat/mariadb-connector-c-devel?arch=ppc64le&distro=redhat-8.3 | redhat | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/mariadb-connector-c-devel?arch=i686&distro=redhat-8.3 | redhat | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | redhat-8.3 | i686 | |
Affected | pkg:rpm/redhat/mariadb-connector-c-devel?arch=aarch64&distro=redhat-8.3 | redhat | mariadb-connector-c-devel | < 3.1.11-2.el8_3 | redhat-8.3 | aarch64 | |
Affected | pkg:rpm/redhat/mariadb-connector-c-config?distro=redhat-8.3 | redhat | mariadb-connector-c-config | < 3.1.11-2.el8_3 | redhat-8.3 | | |