Headline
RHSA-2020:5655: Red Hat Security Advisory: mariadb-connector-c security, bug fix, and enhancement update
An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898994) Security Fix(es):
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
- mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
- mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
- mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
- Code utilizing plugins can’t be compiled properly (BZ#1899002)
- Add “zlib-devel” requirement in "-devel" subpackage (BZ#1899006)
- Replace hard-coded /usr with %{_prefix} (BZ#1899100) Related CVEs:
- CVE-2020-2574: mysql: C API unspecified vulnerability (CPU Jan 2020)
- CVE-2020-2752: mysql: C API unspecified vulnerability (CPU Apr 2020)
- CVE-2020-2922: mysql: C API unspecified vulnerability (CPU Apr 2020)
- CVE-2020-13249: mariadb-connector-c: Improper validation of content in a OK packet received from server
- CVE-2021-2007: mysql: C API unspecified vulnerability (CPU Jan 2021)