A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method
allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "mariadb-client-core-10.1": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbclient18": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-client-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-oqgraph": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbclient-dev": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-common": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-cracklib-password-check": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-spider": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-gssapi-server-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-cracklib-password-check-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-client-core-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-mroonga-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-gssapi-client-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-server": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-server-10.1": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbclient-dev-compat": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-gssapi-server": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-server-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-tokudb-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-test-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-test-data": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-oqgraph-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-tokudb": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-server-core-10.1": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-gssapi-client": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbclient18-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-mroonga": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbd-dev": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-spider-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-connect": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-plugin-connect-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-client-10.1": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbd18": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-client": "1:10.1.47-0ubuntu0.18.04.1", "libmariadbd18-dbgsym": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-test": "1:10.1.47-0ubuntu0.18.04.1", "mariadb-server-core-10.1-dbgsym": "1:10.1.47-0ubuntu0.18.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libmariadb3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-oqgraph": "1:10.3.25-0ubuntu0.20.04.1", "libmariadbclient-dev": "1:10.3.25-0ubuntu0.20.04.1", "libmariadbd19": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-cracklib-password-check": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-spider": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-gssapi-server-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-cracklib-password-check-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-mroonga-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-common": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-gssapi-client-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-server": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-gssapi-server": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-client-10.3": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-client-core-10.3": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-test-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-server-10.3": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-rocksdb-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-tokudb-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-test-data": "1:10.3.25-0ubuntu0.20.04.1", "libmariadb-dev-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-oqgraph-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-tokudb": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-server-core-10.3": "1:10.3.25-0ubuntu0.20.04.1", "libmariadb-dev-compat": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-gssapi-client": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-mroonga": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-client": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-client-core-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-connect": "1:10.3.25-0ubuntu0.20.04.1", "libmariadb-dev": "1:10.3.25-0ubuntu0.20.04.1", "libmariadbd-dev": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-spider-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "libmariadbd19-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-backup-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-connect-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-backup": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-server-core-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-server-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-test": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-plugin-rocksdb": "1:10.3.25-0ubuntu0.20.04.1", "libmariadb3": "1:10.3.25-0ubuntu0.20.04.1", "mariadb-client-10.3-dbgsym": "1:10.3.25-0ubuntu0.20.04.1" } ] }