Security Vulnerabilities - MariaDB ColumnStore

You are viewing an old version of this article. View the current version here.

This page lists security vulnerabilities that have been fixed in, or still affect, MariaDB ColumnStore. Because MariaDB ColumnStore is based on MariaDB Server, it also links to the security vulnerabilities fixed in MariaDB Server.

Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.

This first alpha version of MariaDB ColumnStore, version number 1.0.0, includes a few known vulnerabilities, which will be fixed in upcoming releases. As always, alpha versions of ColumnStore should never be used on production systems.

About CVEs

CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available, free-to-use database of known software vulnerabilities maintained at https://cve.mitre.org/.

Open Vulnerabilities for MariaDB ColumnStore

The first alpha version of MariaDB ColumnStore with version number 1.0.0 is based on MariaDB Server version 10.1.10, which includes the following vulnerabilities:

These vulnerabilities have been fixed in MariaDB Server 10.1.12, and MariaDB ColumnStore will get the fixes when it is updated with the latest MariaDB Server version.

Other vulnerabilities affecting MariaDB ColumnStore

MariaDB ColumnStore bundles an old version of Net-SNMP into the product. The version of Net-SNMP currently in use in ColumnStore is 5.2, which has a few known vulnerabilities:

Once MariaDB ColumnStore is updated to include a newer version of Net-SNMP, these vulnerabilities will no longer affect MariaDB ColumnStore.

CVEs fixed in MariaDB Server

MariaDB ColumnStore is based on MariaDB Server. For a full list of CVEs fixed in MariaDB Server, please refer to Security Vulnerabilities Fixed in MariaDB.
