RHSA-2020:5655: Red Hat Security Advisory: mariadb-connector-c security, bug fix, and enhancement update

An update for mariadb-connector-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898994) Security Fix(es):

• mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
• mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
• mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)
• mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es):
• Code utilizing plugins can’t be compiled properly (BZ#1899002)
• Add “zlib-devel” requirement in "-devel" subpackage (BZ#1899006)
• Replace hard-coded /usr with %{_prefix} (BZ#1899100) Related CVEs:
• CVE-2020-2574: mysql: C API unspecified vulnerability (CPU Jan 2020)
• CVE-2020-2752: mysql: C API unspecified vulnerability (CPU Apr 2020)
• CVE-2020-2922: mysql: C API unspecified vulnerability (CPU Apr 2020)
• CVE-2020-13249: mariadb-connector-c: Improper validation of content in a OK packet received from server
• CVE-2021-2007: mysql: C API unspecified vulnerability (CPU Jan 2021)