ALSA-2022:1557

[ALSA-2022:1557] Moderate: mariadb:10.5 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-04-28

Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)

Security Fix(es):

* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)

* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)

* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)

* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)

* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)

* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)

* mariadb: No password masking in audit log when using ALTER USER  IDENTIFIED BY  command (BZ#1981332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)

* mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)

* Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mariadb-pam-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	15716c5dfa02f11aba9352adde08da05365a40486a124b72b7b1c00b3834c0a1
aarch64	mariadb-oqgraph-engine-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	15d479d5964015e95f758425ea8f89d37ca9a82fa59e60458e43101b854677cb
aarch64	mariadb-gssapi-server-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	2de0f8fe0ba0d5763aad23dc6f26cf140af5ae7274d71aa02ea964f517bd041d
aarch64	mariadb-server-galera-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	33dffb6fe2a9672e1f6468e261714556dd62d6e4d648c290795bae629343c5df
aarch64	mariadb-embedded-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	58011aa5705f4f0c781e0be995a7450c167b48a118d77976d9077d138608c4f5
aarch64	mariadb-test-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	6bd21be5c25d9b18ba0a2285cfb5eb467779c7b63dc5f8fd46f67509694a728b
aarch64	mariadb-errmsg-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	6f94989471a84c980bef3678c38b2f8d7c837e35d2483a81d5fcb6c811038bab
aarch64	mariadb-embedded-devel-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	8e9c32bbeec9d5957e5a44bba495f340f42561c9767d4de068098a5ccdf42feb
aarch64	galera-26.4.9-4.module_el8.6.0+2761+593e5e59.aarch64.rpm	a571c19528e559a15c4bd8a8a221900accc71cf4fc0041cd5f882ca7e48546b0
aarch64	mariadb-common-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	a59f8475218a0d005189045a1db5299ef681ef37b7dca043a44e113d8f8eb9f5
aarch64	mariadb-server-utils-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	ad58ec0293e38a8e25fe93946366e7d7ac23d53e18d50db700a1dfa1a17f1d88
aarch64	mariadb-backup-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	af3ee8ac15fe4f94275860a9fb0e7702a4349d71aad75a8b8e85b9c6a3a86a89
aarch64	mariadb-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	c8f91f10ade1d009535252142f7f6d0f9a79538be8a2e02d1608a52b5bae713f
aarch64	Judy-1.0.5-18.module_el8.6.0+2761+593e5e59.aarch64.rpm	d6a69d3a722b634e22140ac45951705586f6eacae111d6eddf8f0783a90dff0e
aarch64	mariadb-server-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	e409ddb4741872931dfc949e516fa47a66c534ac8c4256b4e2374bcd1388cfd2
aarch64	mariadb-devel-10.5.13-1.module_el8.6.0+2761+593e5e59.aarch64.rpm	f0040357305dfc85ff06f24caaba3f48f2a1a285d84167bb8325cd918f9ce7e0
ppc64le	mariadb-backup-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	0514f5722e1774a2f0876ab2c3bcd7246b64170924a0b755f2cb47cac89f8808
ppc64le	mariadb-embedded-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	1fc845ddbff723eb30f2ace599b25ff63fdd977ad1c12a6e7581b4043924319c
ppc64le	mariadb-gssapi-server-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	202163e9f69a2f527a0362d62314bee5e98c962e59e88ad5d3835b2b5e72c0f6
ppc64le	mariadb-devel-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	25601f17f411d6b874384994c541d8ad1f9228005075d20a369eab2a14b713ba
ppc64le	mariadb-errmsg-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	3325ed5c19b5f43142c2e6d9d3f65b936f9a8bcf02fd7ff09ad5935dd99e7b2b
ppc64le	Judy-1.0.5-18.module_el8.6.0+2867+72759d2f.ppc64le.rpm	42f8c8f57ae6c40142f826e44310a4fe8b0a5e996c2251190b01c9ea7112babe
ppc64le	mariadb-pam-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	5aa4021567f60eaa8b1ee7fcd52a27b18dec7bb73389bf6ca1a6c7df215e9687
ppc64le	galera-26.4.9-4.module_el8.6.0+2761+593e5e59.ppc64le.rpm	6019c5ce189b45be6d50b0aafaecca2abe88fb80cd95e245f040314e684d4ce2
ppc64le	mariadb-common-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	60ce38ea8c8dfd50d04f2fba2032c2c3c3e110b7e9f32eb1ee974b37e46c231a
ppc64le	mariadb-server-galera-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	654f91253c8b049f9faaf22d1ec380af7f388c99c60f3deb4d1af8c91304d85a
ppc64le	mariadb-oqgraph-engine-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	902c1fb54e30b4910d53fa05fb47d9907f989f8522a791993ff08662d11c2e07
ppc64le	mariadb-test-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	9988e9d471968097b5aac1707341c233bf5dd283273943ba274a74e909394bd7
ppc64le	mariadb-server-utils-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	a96db11b6727b038c9bb71717128731ecfb198b5bb195b9bfbbcacd0bc9f62fe
ppc64le	mariadb-server-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	b2e195b9be8413c935a78815890e7f2c52828eaab4942cbe3821a88c0f3683fb
ppc64le	mariadb-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	d4d6fd659206ccae5612919dec6dd76a9bacc532d0ebfb66f8de33e39ccc31eb
ppc64le	mariadb-embedded-devel-10.5.13-1.module_el8.6.0+2761+593e5e59.ppc64le.rpm	f42075c02e19324e1f781b63c39dfa89eb1b97e5b30c3b8a03202038042748e3
x86_64	mariadb-devel-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	166dd5d9746ff2f6117b8fa3d86cfc850c5ec8e67d4abc6875f5434140690197
x86_64	mariadb-server-galera-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	44c93bd2e0e682903cc142ed601c1bfb9f2c2f58dcca14cf60a7a07a74a7c532
x86_64	mariadb-common-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	70f4cb50a94bf21dec4be217fe25e033faa126ae4ae6bc39fd712fb2f4af1ab1
x86_64	mariadb-server-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	7200d54215f2b170225690fc0191ffdc6f91477acbfc1787c5298bd99bed0f27
x86_64	mariadb-pam-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	8027087339136ca2cde7ee3e574d3b4a0d9c5f46749426d3ffaeed15dbcd5352
x86_64	mariadb-gssapi-server-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	84d101476e14b63cf679b490690e85243b33a8845aacbbc2a5d8ce36fd498fbf
x86_64	Judy-1.0.5-18.module_el8.5.0+2637+d11efe18.x86_64.rpm	86842c34b09504a9f2b17cb06e98b00e08699d286f7b801f19ac6f5131e12355
x86_64	mariadb-test-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	977690225d6d3d2e0392e9e02c247374fc4a99afa54f94d53fc0bac3096915ac
x86_64	mariadb-backup-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	a2a0d68159d05ba56c1a34e0b259fd89c6ce37c45c6c6e1f4a3a6bfdabcf0460
x86_64	mariadb-errmsg-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	a725b109a0a031e42dd30f1cd0460d1089dbbd93bd0562e0a4db4b0893647452
x86_64	mariadb-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	b9120c16f01ea71234dcdc0de33774dd744478d10665401276c131443d3232d8
x86_64	mariadb-server-utils-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	ba1717a21616b9baacab87548cde0b68df7029bc274ab74e36b4b13ac5d526fa
x86_64	mariadb-oqgraph-engine-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	cee8da2a0f5722d42c9c6f58335086ce6ef7c50bd116f0e2dfab3285424d150c
x86_64	galera-26.4.9-4.module_el8.5.0+2637+d11efe18.x86_64.rpm	dbb4a45758883fff4788e7f842e0db6a56d6f7612b87dac26235726d3e49d799
x86_64	mariadb-embedded-devel-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	e9ea190c46d4cd62b52f3768151064986757d1e18771235b6d56667fe772e93e
x86_64	mariadb-embedded-10.5.13-1.module_el8.5.0+2637+d11efe18.x86_64.rpm	ea5f063a5da11f5b5ed5bd4205a5f0c009b96db27dd18b6ecb570d7902b49815

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.