Date:      Mon, 22 Jan 2018 16:12:23 -0700
From:      Adam Weinberger <adamw@adamw.org>
To:        "@lbutlr" <kremels@kreme.com>
Cc:        freebsd ports <freebsd-ports@freebsd.org>
Subject:   Re: MariaDB 10.0 is vulnerable
Message-ID:  <38290E32-C6DC-4C1A-8495-150E78B74E9C@adamw.org>
In-Reply-To: <3F28783C-B8A6-42D4-9BB0-1FA089E40567@kreme.com>
References:  <3F28783C-B8A6-42D4-9BB0-1FA089E40567@kreme.com>

> On 22 Jan, 2018, at 15:50, @lbutlr <kremels@kreme.com> wrote:
>
> I have a new server I am setting up and I am trying to make it identical  
> to the server I am retiring. Both are running FreeBSD 11.1
>
> Today I updated mariadb100-server to 10.0.33_1 on the original server,  
> but when I try to do that on the new server I get:
>
> ===>  Cleaning for mariadb100-server-10.0.33_1
> ===>  mariadb100-server-10.0.33_1 has known vulnerabilities:
> mariadb100-server-10.0.33_1 is vulnerable:
> MySQL -- multiple vulnerabilities
> CVE: CVE-2018-2703
> CVE: CVE-2018-2696
> CVE: CVE-2018-2668
> CVE: CVE-2018-2667
> CVE: CVE-2018-2665
> CVE: CVE-2018-2647
> CVE: CVE-2018-2646
> CVE: CVE-2018-2645
> CVE: CVE-2018-2640
> CVE: CVE-2018-2622
> CVE: CVE-2018-2612
> CVE: CVE-2018-2600
> CVE: CVE-2018-2591
> CVE: CVE-2018-2590
> CVE: CVE-2018-2586
> CVE: CVE-2018-2583
> CVE: CVE-2018-2576
> CVE: CVE-2018-2573
> CVE: CVE-2018-2565
> CVE: CVE-2018-2562
> WWW:  
> https://vuxml.FreeBSD.org/freebsd/e3445736-fd01-11e7-ac58-b499baebfeaf.html
>
> 1 problem(s) in the installed packages found.
> => Please update your ports tree and try again.
> => Note: Vulnerable ports are marked as such even if there is no update  
> available.
> => If you wish to ignore this vulnerability rebuild with 'make  
> DISABLE_VULNERABILITIES=yes'

What happened here is that there are multiple known vulnerabilities in  
MariaDB 10.0. Ports with known vulnerabilities are marked as vulnerable,  
even if there's no update available.

You can ignore the vulnerability by rebuilding with 'make  
DISABLE_VULNERABILITIES=yes'.

# Adam


--
Adam Weinberger
adamw@adamw.org
http://www.adamw.org
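
Added example, not part of the original thread: a small Python parser for the vulnerability notice quoted above, useful for recording exactly which CVEs and which VuXML entry are being accepted before a port is built with DISABLE_VULNERABILITIES=yes. The function name `parse_audit` is hypothetical and the sample text is a shortened, constructed copy of the quoted output.

```python
import re

# Constructed sample: a shortened copy of the notice quoted in this thread,
# keeping the mail quoting ("> ") and the URL wrapped onto its own line.
SAMPLE = """\
> ===>  mariadb100-server-10.0.33_1 has known vulnerabilities:
> mariadb100-server-10.0.33_1 is vulnerable:
> MySQL -- multiple vulnerabilities
> CVE: CVE-2018-2703
> CVE: CVE-2018-2696
> WWW:  
> https://vuxml.FreeBSD.org/freebsd/e3445736-fd01-11e7-ac58-b499baebfeaf.html
>
> 1 problem(s) in the installed packages found.
"""

def parse_audit(text):
    """Return one dict per 'is vulnerable' entry: package, topic, cves, url."""
    findings, cur = [], None
    want_topic = want_url = False
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quote markers
        m = re.match(r"(\S+) is vulnerable:$", line)
        if m:
            cur = {"package": m.group(1), "topic": None, "cves": [], "url": None}
            findings.append(cur)
            want_topic, want_url = True, False
            continue
        if cur is None or not line:
            continue
        if want_topic:                       # first line after the header
            cur["topic"], want_topic = line, False
        elif line.startswith("CVE:"):
            cur["cves"].append(line.split(":", 1)[1].strip())
        elif line.startswith("WWW:"):
            url = line[4:].strip()
            # A mail client may wrap the URL onto the following line.
            cur["url"], want_url = (url or None), not url
        elif want_url and line.startswith("http"):
            cur["url"], want_url = line, False
        elif re.match(r"\d+ problem\(s\)", line):
            cur = None                       # summary line ends the entries

    return findings

if __name__ == "__main__":
    for f in parse_audit(SAMPLE):
        print(f["package"], len(f["cves"]), "CVEs", f["url"])
```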



