alsa-2022:1557
Vulnerability from osv_almalinux
Published
2022-04-26 13:50
Modified
2022-04-28 12:56
Summary
Moderate: mariadb:10.5 security, bug fix, and enhancement update
Details
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)
Security Fix(es):
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
-
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
-
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
-
mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
-
mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
-
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
-
mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
-
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
-
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
-
mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)
-
mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)
-
Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2867+72759d2f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "Judy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.5-18.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.9-4.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.9-4.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-backup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-embedded-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-errmsg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-gssapi-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-oqgraph-engine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-pam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-galera"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-server-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.6.0+2761+593e5e59"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mariadb-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3:10.5.13-1.module_el8.5.0+2637+d11efe18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER \u003cuser\u003e IDENTIFIED BY \u003cpassword\u003e command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)\n\n* mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)\n\n* Galera doesn\u0027t work without \u0027procps-ng\u0027 package MariaDB-10.5 (BZ#2050542)",
"id": "ALSA-2022:1557",
"modified": "2022-04-28T12:56:03Z",
"published": "2022-04-26T13:50:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1557.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2154"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2166"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2372"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-2389"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-35604"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46657"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46658"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46662"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46666"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-46667"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-21451"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27385"
}
],
"related": [
"CVE-2021-2154",
"CVE-2021-2166",
"CVE-2021-2372",
"CVE-2021-2389",
"CVE-2021-35604",
"CVE-2021-46667",
"CVE-2021-46657",
"CVE-2021-46658",
"CVE-2021-46662",
"CVE-2021-46666"
],
"summary": "Moderate: mariadb:10.5 security, bug fix, and enhancement update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…