MariaDB - Critical Vulnerability CVE-2020-13249

Discussion in 'Server Operation' started by Agent_M, May 27, 2020.

  1. Agent_M

    Agent_M Member

    I received the following email yesterday from my VPS provider:
    I am using ubuntu 18.04 ( I think the mariadb version is 10.1.44? )
    1. Any advice on the best way to upgrade Mariadb?
    2. Do I just need to add the repository for a later version of mariadb? then use apt-get to install it?
    3. Do I need to remove 10.1.44 before installing new version?
    4. Do I need to reconfigure it once the new version is installed, or will it retain the settings from when I installed 10.1.44
    5. Which version of Mariadb should I install, does it matter? 10.2.32 - 10.3.23 - 10.4.13 - 10.5.3?
    6. Any other advice to help prevent any kind of data loss, or serious downtime?

    Thanks for any advice you can offer :)
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You can see which version of mariadb you have installed:
    apt policy mariadb-server
    And for the package that has MariaDB Connector/C:
    apt policy libmariadb3
    If you do not have that installed, then that vulnerability should not exist on your server.
    When Ubuntu releases a patch for that vulnerability, you should be able to find news about that and instructions on how to upgrade here:
    Agent_M likes this.
  3. Agent_M

    Agent_M Member

    Installed: 1:10.1.44-0ubuntu0.18.04.1
    Candidate: 1:10.1.44-0ubuntu0.18.04.1
    Version table:
    *** 1:10.1.44-0ubuntu0.18.04.1 500
    500 bionic-updates/universe amd64 Packages
    500 bionic-updates/universe i386 Packages
    500 bionic-security/universe amd64 Packages
    500 bionic-security/universe i386 Packages
    100 /var/lib/dpkg/status
    1:10.1.29-6 500
    500 bionic/universe amd64 Packages
    500 bionic/universe i386 Packages

    Installed: (none)
    Candidate: 3.0.3-1build1
    Version table:
    3.0.3-1build1 500
    500 bionic/universe amd64 Packages

    So it doesn't look like that component is installed, so I'm good :)

    Thank you so much Taleman, saved me from an unnecessary upgrade :)

Share This Page