Gentoo: GLSA-202405-25: MariaDB: Security Advisory Updates
Summary
Multiple vulnerabilities have been discovered in MariaDB. Please review
the CVE identifiers referenced below for details.
Resolution
All MariaDB 10.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.6"
All MariaDB 10.11 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.11"
References
[ 1 ] CVE-2019-2938
https://nvd.nist.gov/vuln/detail/CVE-2019-2938
[ 2 ] CVE-2019-2974
https://nvd.nist.gov/vuln/detail/CVE-2019-2974
[ 3 ] CVE-2021-46661
https://nvd.nist.gov/vuln/detail/CVE-2021-46661
[ 4 ] CVE-2021-46662
https://nvd.nist.gov/vuln/detail/CVE-2021-46662
[ 5 ] CVE-2021-46663
https://nvd.nist.gov/vuln/detail/CVE-2021-46663
[ 6 ] CVE-2021-46664
https://nvd.nist.gov/vuln/detail/CVE-2021-46664
[ 7 ] CVE-2021-46665
https://nvd.nist.gov/vuln/detail/CVE-2021-46665
[ 8 ] CVE-2021-46666
https://nvd.nist.gov/vuln/detail/CVE-2021-46666
[ 9 ] CVE-2021-46667
https://nvd.nist.gov/vuln/detail/CVE-2021-46667
[ 10 ] CVE-2021-46668
https://nvd.nist.gov/vuln/detail/CVE-2021-46668
[ 11 ] CVE-2021-46669
https://nvd.nist.gov/vuln/detail/CVE-2021-46669
[ 12 ] CVE-2022-24048
https://nvd.nist.gov/vuln/detail/CVE-2022-24048
[ 13 ] CVE-2022-24050
https://nvd.nist.gov/vuln/detail/CVE-2022-24050
[ 14 ] CVE-2022-24051
https://nvd.nist.gov/vuln/detail/CVE-2022-24051
[ 15 ] CVE-2022-24052
https://nvd.nist.gov/vuln/detail/CVE-2022-24052
[ 16 ] CVE-2022-27376
https://nvd.nist.gov/vuln/detail/CVE-2022-27376
[ 17 ] CVE-2022-27377
https://nvd.nist.gov/vuln/detail/CVE-2022-27377
[ 18 ] CVE-2022-27378
https://nvd.nist.gov/vuln/detail/CVE-2022-27378
[ 19 ] CVE-2022-27379
https://nvd.nist.gov/vuln/detail/CVE-2022-27379
[ 20 ] CVE-2022-27380
https://nvd.nist.gov/vuln/detail/CVE-2022-27380
[ 21 ] CVE-2022-27381
https://nvd.nist.gov/vuln/detail/CVE-2022-27381
[ 22 ] CVE-2022-27382
https://nvd.nist.gov/vuln/detail/CVE-2022-27382
[ 23 ] CVE-2022-27383
https://nvd.nist.gov/vuln/detail/CVE-2022-27383
[ 24 ] CVE-2022-27384
https://nvd.nist.gov/vuln/detail/CVE-2022-27384
[ 25 ] CVE-2022-27385
https://nvd.nist.gov/vuln/detail/CVE-2022-27385
[ 26 ] CVE-2022-27386
https://nvd.nist.gov/vuln/detail/CVE-2022-27386
[ 27 ] CVE-2022-27444
https://nvd.nist.gov/vuln/detail/CVE-2022-27444
[ 28 ] CVE-2022-27445
https://nvd.nist.gov/vuln/detail/CVE-2022-27445
[ 29 ] CVE-2022-27446
https://nvd.nist.gov/vuln/detail/CVE-2022-27446
[ 30 ] CVE-2022-27447
https://nvd.nist.gov/vuln/detail/CVE-2022-27447
[ 31 ] CVE-2022-27448
https://nvd.nist.gov/vuln/detail/CVE-2022-27448
[ 32 ] CVE-2022-27449
https://nvd.nist.gov/vuln/detail/CVE-2022-27449
[ 33 ] CVE-2022-27451
https://nvd.nist.gov/vuln/detail/CVE-2022-27451
[ 34 ] CVE-2022-27452
https://nvd.nist.gov/vuln/detail/CVE-2022-27452
[ 35 ] CVE-2022-27455
https://nvd.nist.gov/vuln/detail/CVE-2022-27455
[ 36 ] CVE-2022-27456
https://nvd.nist.gov/vuln/detail/CVE-2022-27456
[ 37 ] CVE-2022-27457
https://nvd.nist.gov/vuln/detail/CVE-2022-27457
[ 38 ] CVE-2022-27458
https://nvd.nist.gov/vuln/detail/CVE-2022-27458
[ 39 ] CVE-2022-31621
https://nvd.nist.gov/vuln/detail/CVE-2022-31621
[ 40 ] CVE-2022-31622
https://nvd.nist.gov/vuln/detail/CVE-2022-31622
[ 41 ] CVE-2022-31623
https://nvd.nist.gov/vuln/detail/CVE-2022-31623
[ 42 ] CVE-2022-31624
https://nvd.nist.gov/vuln/detail/CVE-2022-31624
[ 43 ] CVE-2022-32081
https://nvd.nist.gov/vuln/detail/CVE-2022-32081
[ 44 ] CVE-2022-32082
https://nvd.nist.gov/vuln/detail/CVE-2022-32082
[ 45 ] CVE-2022-32083
https://nvd.nist.gov/vuln/detail/CVE-2022-32083
[ 46 ] CVE-2022-32084
https://nvd.nist.gov/vuln/detail/CVE-2022-32084
[ 47 ] CVE-2022-32085
https://nvd.nist.gov/vuln/detail/CVE-2022-32085
[ 48 ] CVE-2022-32086
https://nvd.nist.gov/vuln/detail/CVE-2022-32086
[ 49 ] CVE-2022-32088
https://nvd.nist.gov/vuln/detail/CVE-2022-32088
[ 50 ] CVE-2022-32089
https://nvd.nist.gov/vuln/detail/CVE-2022-32089
[ 51 ] CVE-2022-32091
https://nvd.nist.gov/vuln/detail/CVE-2022-32091
[ 52 ] CVE-2022-38791
https://nvd.nist.gov/vuln/detail/CVE-2022-38791
[ 53 ] CVE-2022-47015
https://nvd.nist.gov/vuln/detail/CVE-2022-47015
[ 54 ] CVE-2023-5157
https://nvd.nist.gov/vuln/detail/CVE-2023-5157
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-25
Concerns
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been discovered in MariaDB, the worst fo
which can lead to arbitrary execution of code.
Background
MariaDB is an enhanced, drop-in replacement for MySQL.
Affected Packages
Package Vulnerable Unaffected
-------------- --------------- ----------------
dev-db/mariadb < 10.11.3:10.11 >= 10.11.3:10.11
< 10.11.3:10.6 >= 10.6.13:10.6
< 10.11.3 >= 10.6.13
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.