Red Hat Enterprise Linux 8: RHSA-2022-1556-01 Moderate: MariaDB Update

red hat

April 26, 2022

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.

Summary

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)
Security Fix(es):
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
* mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)
* MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2050532)
* Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)
* Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2050550)

Topics Covered

security advisory moderate update bug fix Red Hat Enterprise Linux SQL database MariaDB

References

https://access.redhat.com/security/cve/CVE-2021-2154 https://access.redhat.com/security/cve/CVE-2021-2166 https://access.redhat.com/security/cve/CVE-2021-2372 https://access.redhat.com/security/cve/CVE-2021-2389 https://access.redhat.com/security/cve/CVE-2021-35604 https://access.redhat.com/security/cve/CVE-2021-46657 https://access.redhat.com/security/cve/CVE-2021-46658 https://access.redhat.com/security/cve/CVE-2021-46662 https://access.redhat.com/security/cve/CVE-2021-46666 https://access.redhat.com/security/cve/CVE-2021-46667 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm galera-25.3.34-4.module+el8.5.0+14124+14ced695.src.rpm mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.src.rpm
aarch64: Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm galera-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm galera-debuginfo-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm galera-debugsource-25.3.34-4.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-backup-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-debugsource-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm mariadb-embedded-debuginfo-10.3.32-2.module+el8.5.0+14124+14ced695.aarch64.rpm

Read the Full Advisory

Advisory ID: RHSA-2022:1556-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2022:1556

Issue date: 2022-04-26

Topic

An update for the mariadb:10.3 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory moderate update bug fix Red Hat Enterprise Linux SQL database MariaDB

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

1981332 - mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command

1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)

2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery

2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref

2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries

2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause

2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash

2050514 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.5.0.z]

2050532 - MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" [rhel-8.5.0.z]

2050533 - Crash: WSREP: invalid state ROLLED_BACK (FATAL) [rhel-8.5.0.z]

2050543 - Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) [rhel-8.5.0.z]

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux 8: RHSA-2022-1556-01 Moderate: MariaDB Update

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux 8: RHSA-2022-1556-01 Moderate: MariaDB Update

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!