RedHat: RHSA-2022-1007:01 Moderate: rh-mariadb105-mariadb security and bug
Summary
MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.
The following packages have been upgraded to a later upstream version:
rh-mariadb105-mariadb (10.5.13), rh-mariadb105-galera (26.4.9).
(BZ#2050547)
Security Fix(es):
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
(CVE-2021-2154)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
(CVE-2021-2166)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
* mariadb: Integer overflow in sql_lex.cc integer leading to crash
(CVE-2021-46667)
* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having
outer ref (CVE-2021-46657)
* mariadb: Crash in set_var.cc via certain UPDATE queries with nested
subqueries (CVE-2021-46662)
* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause
to a WHERE clause (CVE-2021-46666)
* mariadb: No password masking in audit log when using ALTER USER
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* rh-mariadb105: /etc/security/user_map.conf getting overwritten with
mariadb-server upgrade (BZ#2050517)
* Galera doesn't work without 'procps-ng' package [rhscl-3] (BZ#2050548)
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.
References
https://access.redhat.com/security/cve/CVE-2021-2154 https://access.redhat.com/security/cve/CVE-2021-2166 https://access.redhat.com/security/cve/CVE-2021-2372 https://access.redhat.com/security/cve/CVE-2021-2389 https://access.redhat.com/security/cve/CVE-2021-35604 https://access.redhat.com/security/cve/CVE-2021-46657 https://access.redhat.com/security/cve/CVE-2021-46662 https://access.redhat.com/security/cve/CVE-2021-46666 https://access.redhat.com/security/cve/CVE-2021-46667 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
rh-mariadb105-galera-26.4.9-3.el7.src.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.src.rpm
ppc64le:
rh-mariadb105-galera-26.4.9-3.el7.ppc64le.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.ppc64le.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.ppc64le.rpm
s390x:
rh-mariadb105-galera-26.4.9-3.el7.s390x.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.s390x.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.s390x.rpm
x86_64:
rh-mariadb105-galera-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-mariadb105-galera-26.4.9-3.el7.src.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.src.rpm
x86_64:
rh-mariadb105-galera-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for rh-mariadb105-mariadb and rh-mariadb105-galera is nowavailable for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Bugs Fixed
1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
1981332 - mariadb: No password masking in audit log when using ALTER USER
1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash
2050510 - rh-mariadb105-mariadb: With ALTER USER ...IDENTIFIED BY command, password doesn't get replaced by asterisks in mariadb audit log [rhscl-3.8.z]
2050517 - rh-mariadb105: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhscl-3.8.z]
2050547 - Tracker: Rebase galera package to the newest for MariaDB-10.5 (25.4.9) [rhscl-3.8.z]
2050548 - Galera doesn't work without 'procps-ng' package [rhscl-3] [rhscl-3.8.z]