Alpine: multiple mariadb packages: security update to 10.1.21-r0 (deprecated)

medium Tenable Cloud Security Plugin ID 400905

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through
5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. (CVE-2017-3302)

- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported
versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to
exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server
executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7
(Confidentiality impacts). (CVE-2017-3313)

See Also

https://git.alpinelinux.org/aports/commit/?id=3597bb4ea3f53255b366bec278b266dee2827fa4

https://git.alpinelinux.org/aports/commit/?id=3c979daea8b4edb2efde9199fe3ef7b4bb31f916

Plugin Details

Severity: Medium

ID: 400905

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Low

Base Score: 1.5

Temporal Score: 1.1

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2017-3313

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 3/17/2017

Vulnerability Publication Date: 1/17/2017

Reference Information

CVE: CVE-2017-3302, CVE-2017-3313

BID: 95527, 96162

IAVA: 2017-A-0024-S, 2017-A-0118-S