MGASA-2021-0402 - Updated mariadb packages fix security vulnerabilities

Publication date: 14 Aug 2021
URL: https://advisories.mageia.org/MGASA-2021-0402.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-2372,
     CVE-2021-2389

Updated mariadb packages fix security vulnerabilities:

A security issue has been found in the InnoDB component of MariaDB
before version 10.6.4. A difficult to exploit vulnerability allows a
high privileged attacker with network access via multiple protocols to
compromise the MariaDB server. Successful attacks of this vulnerability
can result in the unauthorized ability to cause a hang or frequently
repeatable crash (complete denial of service) of the MariaDB server
(CVE-2021-2372).

A security issue has been found in the InnoDB component of MariaDB
before version 10.6.4. A difficult to exploit vulnerability allows an
unauthenticated attacker with network access via multiple protocols to
compromise the MariaDB server. Successful attacks of this vulnerability
can result in the unauthorized ability to cause a hang or frequently
repeatable crash (complete denial of service) of the MariaDB server
(CVE-2021-2389).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29338
- https://mariadb.com/kb/en/mariadb-10512-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2372
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389

SRPMS:
- 8/core/mariadb-10.5.12-1.mga8