OSG-SEC-2018-04-17 Vulnerability in MariaDB MySQL
Dear OSG Security Contacts,
A vulnerability has been reported in MariaDB MySQL that has been rated as ‘up to HIGH’ by EGI. This vulnerability, described in CVE-2018-2562, allows a low-privileged attacker with network access via multiple protocols to compromise a MySQL Server.
The following versions are affected:
- MariaDB 10.2.12 (prior versions have not been tested)
- MariaDB 10.1.30 (prior versions have not been tested)
- MariaDB 10.0.33 (prior versions have not been tested)
- MariaDB 5.5.58 and prior
Action Recommendations:
Sites running MySQL should update to the most current version if they are running distributions where a patch is available. The vulnerability has been patched in the following versions of MariaDB:
- MariaDB 10.2.13 and later
- MariaDB 10.1.31 and later
- MariaDB 10.0.34 and later
- MariaDB 5.5.59
Also ensure that MySQL is not directly accessible from the network unless it is essential for the application.
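One way to check a host against the version lists above and the network-exposure advice, as an added example that is not part of the original advisory. The function names, the output labels, and the treatment of 5.5.x releases after 5.5.59 as patched are assumptions; it reads a single option file and does not follow !includedir directives.

```shell
#!/bin/sh
# Added example: classify a MariaDB version against the fixed releases in this advisory.

# Fixed patch level per release branch, as listed under "Action Recommendations".
fixed_patch_for_branch() {
    case "$1" in
        10.2) echo 13 ;;
        10.1) echo 31 ;;
        10.0) echo 34 ;;
        5.5)  echo 59 ;;   # assumption: later 5.5.x releases also carry the fix
        *)    return 1 ;;
    esac
}

# Print the first X.Y.Z in a string such as the output of `mysqld --version`.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print patched | update-required | branch-not-listed | unparsed.
classify_mariadb() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then echo "unparsed"; return 0; fi
    branch=${ver%.*}
    patch=${ver##*.}
    if ! fixed=$(fixed_patch_for_branch "$branch"); then
        echo "branch-not-listed"
        return 0
    fi
    if [ "$patch" -ge "$fixed" ]; then echo "patched"; else echo "update-required"; fi
}

# Print local-only if the given option file disables TCP or binds to loopback,
# otherwise network (an unset bind-address means the server listens on all interfaces).
listener_scope() {
    if grep -Eq '^[[:space:]]*skip[-_]networking[[:space:]]*(=[[:space:]]*(1|ON))?[[:space:]]*$' "$1"; then echo "local-only"; return 0; fi
    addr=$(sed -n 's/^[[:space:]]*bind[-_]address[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    case "$addr" in
        127.0.0.1|::1|localhost) echo "local-only" ;;
        *) echo "network" ;;
    esac
}

# Run as: ./check.sh "$(mysqld --version)" [/etc/my.cnf]
if [ "$#" -gt 0 ]; then
    classify_mariadb "$1"
    if [ -n "${2:-}" ]; then listener_scope "$2"; fi
fi
```

A result of branch-not-listed means the advisory makes no statement about that release series, not that the host is unaffected.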
How It Works:
This vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise a MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
More Information:
- https://wiki.egi.eu/wiki/SVG:Advisory-SVG-CVE-2018-2562
- https://mariadb.com/kb/en/library/mariadb-102/
- https://mariadb.com/kb/en/library/mariadb-101/
- https://mariadb.com/kb/en/library/mariadb-100/
- https://mariadb.com/kb/en/library/mariadb-55/
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team