Red Hat Enterprise Linux 8 Security Advisory RHSA-2020-5663-01
red hat
December 22, 2020
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.
Summary
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.
The following packages have been upgraded to a later upstream version:
mariadb (10.3.27), galera (25.3.31). (BZ#1899085, BZ#1899089)
Security Fix(es):
* mariadb: Insufficient SST method name check leading to code injection in
mysql-wsrep (CVE-2020-15180)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
(CVE-2019-2537)
* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)
* mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2740)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)
* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)
* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)
* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)
* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)
* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)
* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14765)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)
* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14789)
* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
(CVE-2020-14812)
* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899012)
* Queries with entity_id IN ('1', '2', …, '70000') run much slower in
MariaDB 10.3 than on MariaDB 10.1 (BZ#1899020)
* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster
bootstrap (BZ#1899025)
* There are undeclared file conflicts in several mariadb and mysql packages
(BZ#1899080)
References
https://access.redhat.com/security/cve/CVE-2019-2510 https://access.redhat.com/security/cve/CVE-2019-2537 https://access.redhat.com/security/cve/CVE-2019-2614 https://access.redhat.com/security/cve/CVE-2019-2627 https://access.redhat.com/security/cve/CVE-2019-2628 https://access.redhat.com/security/cve/CVE-2019-2737 https://access.redhat.com/security/cve/CVE-2019-2739 https://access.redhat.com/security/cve/CVE-2019-2740 https://access.redhat.com/security/cve/CVE-2019-2758 https://access.redhat.com/security/cve/CVE-2019-2805 https://access.redhat.com/security/cve/CVE-2019-2938 https://access.redhat.com/security/cve/CVE-2019-2974 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2760 https://access.redhat.com/security/cve/CVE-2020-2780 https://access.redhat.com/security/cve/CVE-2020-2812 https://access.redhat.com/security/cve/CVE-2020-2814 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-14765 https://access.redhat.com/security/cve/CVE-2020-14776 https://access.redhat.com/security/cve/CVE-2020-14789 https://access.redhat.com/security/cve/CVE-2020-14812 Read the Full Advisory
Package List
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.src.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.src.rpm
aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debuginfo-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
galera-debugsource-25.3.31-1.module+el8.0.0+9239+73817dd5.aarch64.rpm
mariadb-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-backup-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-common-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-debugsource-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-debuginfo-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
mariadb-embedded-devel-10.3.27-3.module+el8.0.0+9160+9822c5c7.aarch64.rpm
Read the Full Advisory
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:5663-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5663
Issue date: 2020-12-22
Topic
An update for the mariadb:10.3 module is now available for Red HatEnterprise Linux 8.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
Bugs Fixed
1666751 - CVE-2019-2510 mysql: InnoDB unspecified vulnerability (CPU Jan 2019)
1666763 - CVE-2019-2537 mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)
1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!