UBUNTU-CVE-2021-27928

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2021-27928

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-27928.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-27928

Related

CVE-2021-27928

Published

2021-03-19T03:15:00Z

Modified

2021-03-19T03:15:00Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotify_cmd. NOTE: this does not affect an Oracle product.

References

Affected packages

Ubuntu:Pro:16.04:LTS / percona-server-5.6

Package

Name: percona-server-5.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.6.22-rel71.0-0ubuntu2

5.6.22-rel71.0-0ubuntu4

5.6.22-rel71.0-0ubuntu4.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mariadb-10.1

Package

Name: mariadb-10.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.1.25-1

1:10.*

1:10.1.29-6

1:10.1.34-0ubuntu0.18.04.1

1:10.1.38-0ubuntu0.18.04.1

1:10.1.38-0ubuntu0.18.04.2

1:10.1.40-0ubuntu0.18.04.1

1:10.1.41-0ubuntu0.18.04.1

1:10.1.43-0ubuntu0.18.04.1

1:10.1.44-0ubuntu0.18.04.1

1:10.1.47-0ubuntu0.18.04.1

1:10.1.48-0ubuntu0.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mariadb-10.3

Package

Name: mariadb-10.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:10.*

1:10.3.17-1

1:10.3.18-1

1:10.3.19-1

1:10.3.21-2

1:10.3.22-1

1:10.3.22-1ubuntu1

1:10.3.25-0ubuntu0.20.04.1

1:10.3.29-0ubuntu0.20.04.1

1:10.3.30-0ubuntu0.20.04.1

1:10.3.31-0ubuntu0.20.04.1

1:10.3.32-0ubuntu0.20.04.1

1:10.3.34-0ubuntu0.20.04.1

1:10.3.37-0ubuntu0.20.04.1

1:10.3.38-0ubuntu0.20.04.1

1:10.3.39-0ubuntu0.20.04.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}