OESA-2021-1250
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1250
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1250.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1250
- Upstream
- Published
- 2021-07-03T11:03:01Z
- Modified
- 2025-08-12T05:05:24.850130Z
- Summary
- mariadb security update
- Details
-
MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.
Security Fix(es):
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotify_cmd. NOTE: this does not affect an Oracle product.(CVE-2021-27928)
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in
wsrep_sst_methodallows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.(CVE-2020-15180) - Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP1 / mariadb
Package
- Name
- mariadb
- Purl
- pkg:rpm/openEuler/mariadb&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.3.9-11.oe1
Ecosystem specific
{
"src": [
"mariadb-10.3.9-11.oe1.src.rpm"
],
"x86_64": [
"mariadb-gssapi-server-10.3.9-11.oe1.x86_64.rpm",
"mariadb-oqgraph-engine-10.3.9-11.oe1.x86_64.rpm",
"mariadb-devel-10.3.9-11.oe1.x86_64.rpm",
"mariadb-cracklib-10.3.9-11.oe1.x86_64.rpm",
"mariadb-debuginfo-10.3.9-11.oe1.x86_64.rpm",
"mariadb-10.3.9-11.oe1.x86_64.rpm",
"mariadb-errmessage-10.3.9-11.oe1.x86_64.rpm",
"mariadb-common-10.3.9-11.oe1.x86_64.rpm",
"mariadb-debugsource-10.3.9-11.oe1.x86_64.rpm",
"mariadb-embedded-10.3.9-11.oe1.x86_64.rpm",
"mariadb-server-10.3.9-11.oe1.x86_64.rpm",
"mariadb-server-galera-10.3.9-11.oe1.x86_64.rpm",
"mariadb-embedded-devel-10.3.9-11.oe1.x86_64.rpm",
"mariadb-test-10.3.9-11.oe1.x86_64.rpm",
"mariadb-backup-10.3.9-11.oe1.x86_64.rpm"
],
"aarch64": [
"mariadb-common-10.3.9-11.oe1.aarch64.rpm",
"mariadb-cracklib-10.3.9-11.oe1.aarch64.rpm",
"mariadb-debugsource-10.3.9-11.oe1.aarch64.rpm",
"mariadb-10.3.9-11.oe1.aarch64.rpm",
"mariadb-oqgraph-engine-10.3.9-11.oe1.aarch64.rpm",
"mariadb-embedded-10.3.9-11.oe1.aarch64.rpm",
"mariadb-gssapi-server-10.3.9-11.oe1.aarch64.rpm",
"mariadb-server-10.3.9-11.oe1.aarch64.rpm",
"mariadb-devel-10.3.9-11.oe1.aarch64.rpm",
"mariadb-server-galera-10.3.9-11.oe1.aarch64.rpm",
"mariadb-backup-10.3.9-11.oe1.aarch64.rpm",
"mariadb-debuginfo-10.3.9-11.oe1.aarch64.rpm",
"mariadb-embedded-devel-10.3.9-11.oe1.aarch64.rpm",
"mariadb-errmessage-10.3.9-11.oe1.aarch64.rpm",
"mariadb-test-10.3.9-11.oe1.aarch64.rpm"
]
}