Date: Mon, 22 Jan 2018 16:12:23 -0700 From: Adam Weinberger <adamw@adamw.org> To: "@lbutlr" <kremels@kreme.com> Cc: freebsd ports <freebsd-ports@freebsd.org> Subject: Re: MariaDB 10.0 is vulnerable Message-ID: <38290E32-C6DC-4C1A-8495-150E78B74E9C@adamw.org> In-Reply-To: <3F28783C-B8A6-42D4-9BB0-1FA089E40567@kreme.com> References: <3F28783C-B8A6-42D4-9BB0-1FA089E40567@kreme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 22 Jan, 2018, at 15:50, @lbutlr <kremels@kreme.com> wrote: > > I have a new server I am setting up and I am trying to make it identical > to the server I am retiring. Both are running FreeBSD 11.1 > > Today I updated mariadb100-server to 10.0.33_1 on the original server, > but when I try to do that on the new server I get: > > ===> Cleaning for mariadb100-server-10.0.33_1 > ===> mariadb100-server-10.0.33_1 has known vulnerabilities: > mariadb100-server-10.0.33_1 is vulnerable: > MySQL -- multiple vulnerabilities > CVE: CVE-2018-2703 > CVE: CVE-2018-2696 > CVE: CVE-2018-2668 > CVE: CVE-2018-2667 > CVE: CVE-2018-2665 > CVE: CVE-2018-2647 > CVE: CVE-2018-2646 > CVE: CVE-2018-2645 > CVE: CVE-2018-2640 > CVE: CVE-2018-2622 > CVE: CVE-2018-2612 > CVE: CVE-2018-2600 > CVE: CVE-2018-2591 > CVE: CVE-2018-2590 > CVE: CVE-2018-2586 > CVE: CVE-2018-2583 > CVE: CVE-2018-2576 > CVE: CVE-2018-2573 > CVE: CVE-2018-2565 > CVE: CVE-2018-2562 > WWW: > https://vuxml.FreeBSD.org/freebsd/e3445736-fd01-11e7-ac58-b499baebfeaf.html > > 1 problem(s) in the installed packages found. > => Please update your ports tree and try again. > => Note: Vulnerable ports are marked as such even if there is no update > available. > => If you wish to ignore this vulnerability rebuild with 'make > DISABLE_VULNERABILITIES=yes’ What happened here is that there are multiple known vulnerabilities in MariaDB 10.0. Ports with known vulnerabilities are marked as vulnerable, even if there's no update available. You can ignore the vulnerability by rebuilding with 'make DISABLE_VULNERABILITIES=yes". # Adam -- Adam Weinberger adamw@adamw.org http://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38290E32-C6DC-4C1A-8495-150E78B74E9C>