RHSA-2016:1132-01 -- Redhat rh-mariadb100-mariadb
ID: oval:org.secpod.oval:def:505085 | Date: (C)2021-02-03 (M)2024-04-17 | Class: PATCH | Family: unix
MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries.

Security Fix:

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.
* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make MariaDB execute an SQL query with a specially crafted regular expression could use these flaws to cause it to crash or, possibly, execute arbitrary code.
Platform: Red Hat Enterprise Linux 7 | Red Hat Enterprise Linux 6
Product: rh-mariadb100-mariadb