MariaDB 10.0 is vulnerable
Adam Weinberger
adamw at adamw.org
Mon Jan 22 23:12:36 UTC 2018
> On 22 Jan, 2018, at 15:50, @lbutlr <kremels at kreme.com> wrote:
>
> I have a new server I am setting up and I am trying to make it identical
> to the server I am retiring. Both are running FreeBSD 11.1
>
> Today I updated mariadb100-server to 10.0.33_1 on the original server,
> but when I try to do that on the new server I get:
>
> ===> Cleaning for mariadb100-server-10.0.33_1
> ===> mariadb100-server-10.0.33_1 has known vulnerabilities:
> mariadb100-server-10.0.33_1 is vulnerable:
> MySQL -- multiple vulnerabilities
> CVE: CVE-2018-2703
> CVE: CVE-2018-2696
> CVE: CVE-2018-2668
> CVE: CVE-2018-2667
> CVE: CVE-2018-2665
> CVE: CVE-2018-2647
> CVE: CVE-2018-2646
> CVE: CVE-2018-2645
> CVE: CVE-2018-2640
> CVE: CVE-2018-2622
> CVE: CVE-2018-2612
> CVE: CVE-2018-2600
> CVE: CVE-2018-2591
> CVE: CVE-2018-2590
> CVE: CVE-2018-2586
> CVE: CVE-2018-2583
> CVE: CVE-2018-2576
> CVE: CVE-2018-2573
> CVE: CVE-2018-2565
> CVE: CVE-2018-2562
> WWW:
> https://vuxml.FreeBSD.org/freebsd/e3445736-fd01-11e7-ac58-b499baebfeaf.html
>
> 1 problem(s) in the installed packages found.
> => Please update your ports tree and try again.
> => Note: Vulnerable ports are marked as such even if there is no update
> available.
> => If you wish to ignore this vulnerability rebuild with 'make
> DISABLE_VULNERABILITIES=yes’
What happened here is that there are multiple known vulnerabilities in
MariaDB 10.0. Ports with known vulnerabilities are marked as vulnerable,
even if there's no update available.
You can ignore the vulnerability by rebuilding with 'make
DISABLE_VULNERABILITIES=yes".
# Adam
--
Adam Weinberger
adamw at adamw.org
http://www.adamw.org
More information about the freebsd-ports
mailing list