Ubuntu Update for mariadb-10.1 USN-4070-2

Published: 2019-08-14 02:02:10
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Summary:
The remote host is missing an update for the 'mariadb-10.1' Linux Distribution Package(s) announced via the USN-4070-2 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.41. In addition to security fixes, the updated Linux Distribution Package contain bug fixes, new features, and possibly incompatible changes. Original advisory details: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated Linux Distribution Packages contain bug fixes, new features, and possibly incompatible changes.

Affected Versions:
'mariadb-10.1' Linux Distribution Package(s) on Ubuntu 18.04 LTS.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-2737
https://nvd.nist.gov/vuln/detail/CVE-2019-2739
https://nvd.nist.gov/vuln/detail/CVE-2019-2740
https://nvd.nist.gov/vuln/detail/CVE-2019-2805

References:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-August/005060.html

Search
Severity
Medium
CVSS Score
4.0

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.