ALSA-2022:1556
- Source
- https://errata.almalinux.org/8/ALSA-2022-1556.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1556.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2022:1556
- Related
- Published
- 2022-04-26T13:50:43Z
- Modified
- 2022-04-28T12:47:03Z
- Summary
- Moderate: mariadb:10.3 security and bug fix update
- Details
-
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)
Security Fix(es):
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
mariadb: Crash in getsortby_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
mariadb: savewindowfunction_values triggers an abort during IN subquery (CVE-2021-46658)
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)
MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2050532)
Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)
Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2050550)
- References
-
- https://errata.almalinux.org/8/ALSA-2022-1556.html
- https://vulners.com/cve/CVE-2021-2154
- https://vulners.com/cve/CVE-2021-2166
- https://vulners.com/cve/CVE-2021-2372
- https://vulners.com/cve/CVE-2021-2389
- https://vulners.com/cve/CVE-2021-35604
- https://vulners.com/cve/CVE-2021-46657
- https://vulners.com/cve/CVE-2021-46658
- https://vulners.com/cve/CVE-2021-46662
- https://vulners.com/cve/CVE-2021-46666
- https://vulners.com/cve/CVE-2021-46667
- https://vulners.com/cve/CVE-2022-21451
- https://vulners.com/cve/CVE-2022-27385
Affected packages
AlmaLinux:8 / Judy
Package
- Name
- Judy
AlmaLinux:8 / Judy
Package
- Name
- Judy
AlmaLinux:8 / Judy
Package
- Name
- Judy
AlmaLinux:8 / galera
Package
- Name
- galera
AlmaLinux:8 / galera
Package
- Name
- galera
AlmaLinux:8 / mariadb
Package
- Name
- mariadb
AlmaLinux:8 / mariadb
Package
- Name
- mariadb
AlmaLinux:8 / mariadb-backup
Package
- Name
- mariadb-backup
AlmaLinux:8 / mariadb-backup
Package
- Name
- mariadb-backup
AlmaLinux:8 / mariadb-common
Package
- Name
- mariadb-common
AlmaLinux:8 / mariadb-common
Package
- Name
- mariadb-common
AlmaLinux:8 / mariadb-devel
Package
- Name
- mariadb-devel
AlmaLinux:8 / mariadb-devel
Package
- Name
- mariadb-devel
AlmaLinux:8 / mariadb-embedded
Package
- Name
- mariadb-embedded
AlmaLinux:8 / mariadb-embedded
Package
- Name
- mariadb-embedded
AlmaLinux:8 / mariadb-embedded-devel
Package
- Name
- mariadb-embedded-devel
AlmaLinux:8 / mariadb-embedded-devel
Package
- Name
- mariadb-embedded-devel
AlmaLinux:8 / mariadb-errmsg
Package
- Name
- mariadb-errmsg
AlmaLinux:8 / mariadb-errmsg
Package
- Name
- mariadb-errmsg
AlmaLinux:8 / mariadb-gssapi-server
Package
- Name
- mariadb-gssapi-server
AlmaLinux:8 / mariadb-gssapi-server
Package
- Name
- mariadb-gssapi-server
AlmaLinux:8 / mariadb-oqgraph-engine
Package
- Name
- mariadb-oqgraph-engine
AlmaLinux:8 / mariadb-oqgraph-engine
Package
- Name
- mariadb-oqgraph-engine
AlmaLinux:8 / mariadb-server
Package
- Name
- mariadb-server
AlmaLinux:8 / mariadb-server
Package
- Name
- mariadb-server
AlmaLinux:8 / mariadb-server-galera
Package
- Name
- mariadb-server-galera
AlmaLinux:8 / mariadb-server-galera
Package
- Name
- mariadb-server-galera
AlmaLinux:8 / mariadb-server-utils
Package
- Name
- mariadb-server-utils
AlmaLinux:8 / mariadb-server-utils
Package
- Name
- mariadb-server-utils
AlmaLinux:8 / mariadb-test
Package
- Name
- mariadb-test