{"affected":[{"ecosystem_specific":{"binaries":[{"mariadb":"10.2.31-16.1","mariadb-client":"10.2.31-16.1","mariadb-errormessages":"10.2.31-16.1","mariadb-galera":"10.2.31-16.1","mariadb-tools":"10.2.31-16.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"mariadb","purl":"pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"10.2.31-16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mariadb to version 10.2.31 GA fixes the following issues:\n\nMariaDB was updated to version 10.2.31 GA (bsc#1162388 and bsc#1156669).\n\nSecurity issues fixed:\n\n- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).\n- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).\n- CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service \n- CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service \n- CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service\n- CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service\n- CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service\n- CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service\n  or data corruption\n- CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service \n  or data corruption\n- Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878).\n- Fixed a potental symlink attack (bsc#1160912).\n- Fixed a permissions issue in /var/lib/mysql (bsc#1077717).\n- Used systemd-tmpfiles for a cleaner and safer creation of /run/mysql (bsc#1160883).\n","id":"SUSE-SU-2020:0831-1","modified":"2020-03-31T12:51:03Z","published":"2020-03-31T12:51:03Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200831-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1077717"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156669"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160878"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160883"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160895"},{"type":"REPORT","url":"https://bugzilla.suse.com/1160912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162388"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18901"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2737"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2739"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2938"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-2574"}],"related":["CVE-2019-18901","CVE-2019-2737","CVE-2019-2739","CVE-2019-2740","CVE-2019-2758","CVE-2019-2805","CVE-2019-2938","CVE-2019-2974","CVE-2020-2574"],"summary":"Security update for mariadb","upstream":["CVE-2019-18901","CVE-2019-2737","CVE-2019-2739","CVE-2019-2740","CVE-2019-2758","CVE-2019-2805","CVE-2019-2938","CVE-2019-2974","CVE-2020-2574"]}