
RHEL 8.4 RHSA-2022:4818-01 Moderate: MariaDB Security Fix

Source: Red Hat, May 31, 2022
A security update for MariaDB 10.3 on RHEL 8.4 has been released, fixing vulnerabilities that affect server stability and data integrity.
An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.
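A host-side verification for the Solution above, added here and not part of the advisory: it compares the installed mariadb-server build against the fixed build named in the package list and confirms that the running mysqld was restarted after that build was installed. The use of GNU `sort -V`, `pgrep` and `ps -o etimes` is an assumption about the host's coreutils and procps-ng.

```shell
#!/bin/sh
# Added example, not code from the Red Hat advisory: does this RHEL 8.4 EUS host
# carry the mariadb-server build shipped by RHSA-2022:4818, and was the running
# mysqld restarted after that build was installed (the advisory says it is)?
# Assumptions: GNU coreutils (sort -V), rpm, and procps-ng (ps, pgrep) are present.

FIXED_VR="10.3.32-2.module+el8.4.0+15058+0c3d11c7"  # fixed build from the package list

# rpm_vr_ge INSTALLED FIXED: succeed when INSTALLED is at or above FIXED.
# Only the "version-release" prefix is ordered; the ".module+..." build
# suffix is stripped before comparison.
rpm_vr_ge() {
    inst=$(printf '%s' "$1" | sed 's/\.module.*//')
    fix=$(printf '%s' "$2" | sed 's/\.module.*//')
    lowest=$(printf '%s\n%s\n' "$inst" "$fix" | sort -V | head -n 1)
    [ "$lowest" = "$fix" ]
}

# daemon_restarted_after INSTALL_EPOCH NOW_EPOCH ELAPSED_SECS: succeed when a
# process that has run for ELAPSED_SECS started at or after INSTALL_EPOCH.
daemon_restarted_after() {
    [ $(( $2 - $3 )) -ge "$1" ]
}

# check_host: live check; exit 0 patched, 1 action needed, 2 cannot tell.
check_host() {
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' mariadb-server 2>/dev/null) || {
        echo "mariadb-server is not installed" >&2; return 2; }
    if ! rpm_vr_ge "$inst" "$FIXED_VR"; then
        echo "mariadb-server $inst predates RHSA-2022:4818: update the mariadb:10.3 module"
        return 1
    fi
    pid=$(pgrep -o -x mysqld) || { echo "mysqld is not running" >&2; return 2; }
    installed_at=$(rpm -q --qf '%{INSTALLTIME}' mariadb-server)
    elapsed=$(ps -o etimes= -p "$pid" | tr -d ' ')
    if daemon_restarted_after "$installed_at" "$(date +%s)" "$elapsed"; then
        echo "mariadb-server $inst installed and mysqld (pid $pid) restarted: RHSA-2022:4818 applied"
    else
        echo "mariadb-server $inst installed but mysqld (pid $pid) predates it: restart still needed"
        return 1
    fi
}

# Run the live check only when invoked as: sh check-rhsa-2022-4818.sh --check
case "${1:-}" in --check) check_host ;; esac
```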

Summary

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34).
Security Fix(es):
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
* mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)
* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
* mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command (BZ#1981332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 (BZ#2077509)
* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2079855)
* Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2079858)
* Tracker: Rebase galera package to the newest for MariaDB-10.3 (25.3.34) (BZ#2079859)
* MariaDB logrotate leads to "gzip: stdin: file size changed while zipping" (BZ#2080159)

References

https://access.redhat.com/security/cve/CVE-2021-2154
https://access.redhat.com/security/cve/CVE-2021-2166
https://access.redhat.com/security/cve/CVE-2021-2372
https://access.redhat.com/security/cve/CVE-2021-2389
https://access.redhat.com/security/cve/CVE-2021-35604
https://access.redhat.com/security/cve/CVE-2021-46657
https://access.redhat.com/security/cve/CVE-2021-46658
https://access.redhat.com/security/cve/CVE-2021-46662
https://access.redhat.com/security/cve/CVE-2021-46666
https://access.redhat.com/security/cve/CVE-2021-46667
https://access.redhat.com/security/cve/CVE-2022-27385
https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux AppStream EUS (v.8.4):
Source:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm
galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.src.rpm
mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.src.rpm

aarch64:
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm
galera-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
galera-debuginfo-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
galera-debugsource-25.3.34-4.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-backup-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-backup-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-common-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-debugsource-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-devel-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-embedded-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm
mariadb-embedded-debuginfo-10.3.32-2.module+el8.4.0+15058+0c3d11c7.aarch64.rpm



Advisory ID: RHSA-2022:4818-01
Product: Red Hat Enterprise Linux
Issue date: 2022-05-31

Topic

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1951752 - CVE-2021-2154 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

1951755 - CVE-2021-2166 mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

1981332 - mariadb: No password masking in audit log when using ALTER USER IDENTIFIED BY command

1992303 - CVE-2021-2372 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

1992309 - CVE-2021-2389 mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

2016101 - CVE-2021-35604 mysql: InnoDB unspecified vulnerability (CPU Oct 2021)

2049294 - CVE-2021-46658 mariadb: save_window_function_values triggers an abort during IN subquery

2049305 - CVE-2021-46657 mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref

2050019 - CVE-2021-46662 mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries

2050028 - CVE-2021-46666 mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause

2050030 - CVE-2021-46667 mariadb: Integer overflow in sql_lex.cc integer leading to crash

2075001 - CVE-2022-27385 mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join

2077509 - WSREP race condition causes crash in mariadb 10.3.28, fixed in 10.3.32 [rhel-8.4.0.z]

2079855 - mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade [rhel-8.4.0.z]
