Lucene search

Cloud FoundryCFOUNDRY:7112FB68AFEAA233965BAACD54BEB417

HistoryFeb 29, 2024 - 12:00 a.m.

USN-6600-1: MariaDB vulnerabilities | Cloud Foundry

2024-02-2900:00:00

Cloud Foundry

www.cloudfoundry.org

usn-6600-1

mariadb

vulnerabilities

canonical ubuntu

22.04 lts

cloud foundry

cflinuxfs4

cf deployment

cve-2023-22084

cve-2022-47015

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

57.2%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 22.04

Description

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update Instructions: Run sudo pro fix USN-6600-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mariadb-plugin-cracklib-password-check – 1:10.3.39-0ubuntu0.20.04.2 mariadb-backup – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-connect – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-spider – 1:10.3.39-0ubuntu0.20.04.2 libmariadbclient-dev – 1:10.3.39-0ubuntu0.20.04.2 libmariadb-dev – 1:10.3.39-0ubuntu0.20.04.2 libmariadb3 – 1:10.3.39-0ubuntu0.20.04.2 libmariadbd19 – 1:10.3.39-0ubuntu0.20.04.2 mariadb-client-core-10.3 – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-tokudb – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-mroonga – 1:10.3.39-0ubuntu0.20.04.2 mariadb-client – 1:10.3.39-0ubuntu0.20.04.2 mariadb-server-10.3 – 1:10.3.39-0ubuntu0.20.04.2 mariadb-server-core-10.3 – 1:10.3.39-0ubuntu0.20.04.2 mariadb-test-data – 1:10.3.39-0ubuntu0.20.04.2 mariadb-client-10.3 – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-rocksdb – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-gssapi-client – 1:10.3.39-0ubuntu0.20.04.2 libmariadbd-dev – 1:10.3.39-0ubuntu0.20.04.2 libmariadb-dev-compat – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-gssapi-server – 1:10.3.39-0ubuntu0.20.04.2 mariadb-server – 1:10.3.39-0ubuntu0.20.04.2 mariadb-common – 1:10.3.39-0ubuntu0.20.04.2 mariadb-plugin-oqgraph – 1:10.3.39-0ubuntu0.20.04.2 mariadb-test – 1:10.3.39-0ubuntu0.20.04.2 No subscription required

CVEs contained in this USN include: CVE-2023-22084, CVE-2022-47015.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

cflinuxfs4
- All versions prior to 1.69.0
CF Deployment
- All versions prior to 37.5.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs4
- Upgrade all versions to 1.69.0 or greater
CF Deployment
- Upgrade all versions to 37.5.0 or greater

References

History

2024-02-29: Initial vulnerability report published.

Affected configurations

Vulners

Node

cloudfoundrycflinuxfs4Range<1.69.0

cloudfoundrycf-deploymentRange<37.5.0

VendorProductVersionCPE
cloudfoundrycflinuxfs4*cpe:2.3:a:cloudfoundry:cflinuxfs4:*:*:*:*:*:*:*:*
cloudfoundrycf-deployment*cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudfoundry	cflinuxfs4	*	cpe:2.3:a:cloudfoundry:cflinuxfs4::::::::
cloudfoundry	cf-deployment	*	cpe:2.3:a:cloudfoundry:cf-deployment::::::::