====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mariadb105-mariadb security and bug fix update
Advisory ID:       RHSA-2022:1007-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1007
Issue date:        2022-03-22
CVE Names:         CVE-2021-2154 CVE-2021-2166 CVE-2021-2372 
                   CVE-2021-2389 CVE-2021-35604 CVE-2021-46657 
                   CVE-2021-46662 CVE-2021-46666 CVE-2021-46667 
====================================================================

1. Summary:

An update for rh-mariadb105-mariadb and rh-mariadb105-galera is now
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version:
rh-mariadb105-mariadb (10.5.13), rh-mariadb105-galera (26.4.9).
(BZ#2050547)

Security Fix(es):

* mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
(CVE-2021-2154)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
(CVE-2021-2166)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)

* mariadb: Integer overflow in sql_lex.cc integer leading to crash
(CVE-2021-46667)

* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having
outer ref (CVE-2021-46657)

* mariadb: Crash in set_var.cc via certain UPDATE queries with nested
subqueries (CVE-2021-46662)

* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause
to a WHERE clause (CVE-2021-46666)

* mariadb: No password masking in audit log when using ALTER USER
IDENTIFIED BY command (BZ#1981332)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* rh-mariadb105: /etc/security/user_map.conf getting overwritten with
mariadb-server upgrade (BZ#2050517)

* Galera doesn't work without 'procps-ng' package [rhscl-3] (BZ#2050548)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
1981332 - mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command
1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash
2050510 - rh-mariadb105-mariadb: With ALTER USER ...IDENTIFIED BY command, password doesn't get replaced by asterisks in mariadb audit log [rhscl-3.8.z]
2050517 - rh-mariadb105: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhscl-3.8.z]
2050547 - Tracker: Rebase galera package to the newest for MariaDB-10.5 (25.4.9) [rhscl-3.8.z]
2050548 - Galera doesn't work without 'procps-ng' package [rhscl-3] [rhscl-3.8.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mariadb105-galera-26.4.9-3.el7.src.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.src.rpm

ppc64le:
rh-mariadb105-galera-26.4.9-3.el7.ppc64le.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.ppc64le.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.ppc64le.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.ppc64le.rpm

s390x:
rh-mariadb105-galera-26.4.9-3.el7.s390x.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.s390x.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.s390x.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.s390x.rpm

x86_64:
rh-mariadb105-galera-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mariadb105-galera-26.4.9-3.el7.src.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.src.rpm

x86_64:
rh-mariadb105-galera-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-galera-debuginfo-26.4.9-3.el7.x86_64.rpm
rh-mariadb105-mariadb-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-common-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-debuginfo-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-devel-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-errmsg-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-libs-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-pam-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-syspaths-10.5.13-1.el7.x86_64.rpm
rh-mariadb105-mariadb-test-10.5.13-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-2154
https://access.redhat.com/security/cve/CVE-2021-2166
https://access.redhat.com/security/cve/CVE-2021-2372
https://access.redhat.com/security/cve/CVE-2021-2389
https://access.redhat.com/security/cve/CVE-2021-35604
https://access.redhat.com/security/cve/CVE-2021-46657
https://access.redhat.com/security/cve/CVE-2021-46662
https://access.redhat.com/security/cve/CVE-2021-46666
https://access.redhat.com/security/cve/CVE-2021-46667
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
