MGASA-2022-0314 - Updated mariadb packages fix security vulnerability Publication date: 29 Aug 2022 URL: https://advisories.mageia.org/MGASA-2022-0314.html Type: security Affected Mageia releases: 8 CVE: CVE-2018-25032, CVE-2022-32081, CVE-2022-32082, CVE-2022-32084, CVE-2022-32089, CVE-2022-32091 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032) A use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. (CVE-2022-32081) An assertion failure at table->get_ref_count() == 0 in dict0dict.cc. (CVE-2022-32082) Segmentation fault via the component sub_select. (CVE-2022-32084) Segmentation fault via the component st_select_lex_unit::exclude_level. (CVE-2022-32089) References: - https://bugs.mageia.org/show_bug.cgi?id=30754 - https://mariadb.com/kb/en/mariadb-10517-release-notes/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32081 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32082 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32084 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32089 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32091 SRPMS: - 8/core/mariadb-10.5.17-1.mga8