{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:5948","synopsis":"Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update","severity":"SEVERITY_MODERATE","topic":"An update for galera, mariadb, and mysql-selinux is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \nThe following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5).\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2049302","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2049302","description":"CVE-2021-46659 mariadb: Crash executing query with VIEW, aggregate and subquery"},{"ticket":"2050017","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050017","description":"CVE-2021-46661 mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)"},{"ticket":"2050022","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050022","description":"CVE-2021-46663 mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements"},{"ticket":"2050024","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050024","description":"CVE-2021-46664 mariadb: MariaDB through 10.5.9 
allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr"},{"ticket":"2050026","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050026","description":"CVE-2021-46665 mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations"},{"ticket":"2050032","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050032","description":"CVE-2021-46668 mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements"},{"ticket":"2050034","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2050034","description":"CVE-2021-46669 mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used"},{"ticket":"2068211","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2068211","description":"CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow"},{"ticket":"2068233","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2068233","description":"CVE-2022-24051 mariadb: lack of proper validation of a user-supplied string before using it as a format specifier"},{"ticket":"2068234","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2068234","description":"CVE-2022-24048 mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer"},{"ticket":"2069833","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2069833","description":"CVE-2022-24050 mariadb: lack of validating the existence of an object prior to performing operations on the object"},{"ticket":"2074817","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074817","description":"CVE-2022-27376 mariadb: assertion failure in 
Item_args::walk_arg"},{"ticket":"2074947","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074947","description":"CVE-2022-27377 mariadb: use-after-poison when complex conversion is involved in blob"},{"ticket":"2074949","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074949","description":"CVE-2022-27378 mariadb: server crash in create_tmp_table::finalize"},{"ticket":"2074951","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074951","description":"CVE-2022-27379 mariadb: server crash in component arg_comparator::compare_real_fixed"},{"ticket":"2074966","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074966","description":"CVE-2022-27380 mariadb: server crash at my_decimal::operator="},{"ticket":"2074981","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074981","description":"CVE-2022-27381 mariadb: server crash at Field::set_default via specially crafted SQL statements"},{"ticket":"2074987","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074987","description":"CVE-2022-27382 mariadb: assertion failure via component Item_field::used_tables\/update_depend_map_for_order"},{"ticket":"2074996","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074996","description":"CVE-2022-27383 mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c"},{"ticket":"2074999","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074999","description":"CVE-2022-27384 mariadb: crash via component Item_subselect::init_expr_cache_tracker"},{"ticket":"2075005","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075005","description":"CVE-2022-27386 mariadb: server crashes in query_arena::set_query_arena upon SELECT from view"},{"ticket":"2075006","sourceBy":"Red 
Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075006","description":"CVE-2022-27387 mariadb: assertion failures in decimal_bin_size"},{"ticket":"2075691","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075691","description":"CVE-2022-27445 mariadb: assertion failure in compare_order_elements"},{"ticket":"2075692","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075692","description":"CVE-2022-27446 mariadb: crash when using HAVING with IS NULL predicate in an equality"},{"ticket":"2075693","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075693","description":"CVE-2022-27447 mariadb: use-after-poison in Binary_string::free_buffer"},{"ticket":"2075694","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075694","description":"CVE-2022-27448 mariadb: crash in multi-update and implicit grouping"},{"ticket":"2075695","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075695","description":"CVE-2022-27449 mariadb: assertion failure in sql\/item_func.cc"},{"ticket":"2075696","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075696","description":"CVE-2022-27444 mariadb: crash when using HAVING with NOT EXIST predicate in an equality"},{"ticket":"2075697","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075697","description":"CVE-2022-27456 mariadb: assertion failure in VDec::VDec at \/sql\/sql_type.cc"},{"ticket":"2075699","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075699","description":"CVE-2022-27457 mariadb: incorrect key in \"dup value\" error after long unique"},{"ticket":"2075700","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075700","description":"CVE-2022-27458 mariadb: use-after-poison in 
Binary_string::free_buffer"},{"ticket":"2075701","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2075701","description":"CVE-2022-27455 mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING"},{"ticket":"2076144","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2076144","description":"CVE-2022-27451 mariadb: crash via window function in expression in ORDER BY"},{"ticket":"2076145","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2076145","description":"CVE-2022-27452 mariadb: assertion failure in sql\/item_cmpfunc.cc"},{"ticket":"2092354","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2092354","description":"CVE-2022-31622 mariadb: improper locking due to the unreleased lock in extra\/mariabackup\/ds_compress.cc"},{"ticket":"2092360","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2092360","description":"CVE-2022-31623 mariadb: improper locking due to the unreleased lock in extra\/mariabackup\/ds_compress.cc"},{"ticket":"2096271","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2096271","description":"SELinux is preventing wsrep_sst_rsync getattr of \/usr\/bin\/hostname [rhel-9.0.0.z]"},{"ticket":"2096274","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2096274","description":"Query returns wrong result when using split optimization [rhel-9.0.0.z]"},{"ticket":"2096276","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2096276","description":"[Tracker] Rebase to MariaDB 10.5.16 [rhel-9.0.0.z]"},{"ticket":"2096277","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2096277","description":"[Tracker] Rebase to Galera 26.4.11 [rhel-9.0.0.z]"}],"cves":[{"name":"CVE-2022-27376","sourceBy":"Red 
Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-27376.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-617"},{"name":"CVE-2022-27378","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-27378.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-89"},{"name":"CVE-2022-27445","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-27445.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":""}],"references":[],"publishedAt":"2023-01-25T21:21:29.148644Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2022:5948 galera

January 25, 2023

Summary

An update for galera, mariadb, and mysql-selinux is now available for Rocky Linux 9. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

No References

CVEs

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27376.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27378.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27445.json

Severity: Moderate
Name: RLSA-2022:5948
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2049302

https://bugzilla.redhat.com/show_bug.cgi?id=2050017

https://bugzilla.redhat.com/show_bug.cgi?id=2050022

https://bugzilla.redhat.com/show_bug.cgi?id=2050024

https://bugzilla.redhat.com/show_bug.cgi?id=2050026

https://bugzilla.redhat.com/show_bug.cgi?id=2050032

https://bugzilla.redhat.com/show_bug.cgi?id=2050034

https://bugzilla.redhat.com/show_bug.cgi?id=2068211

https://bugzilla.redhat.com/show_bug.cgi?id=2068233

https://bugzilla.redhat.com/show_bug.cgi?id=2068234

https://bugzilla.redhat.com/show_bug.cgi?id=2069833

https://bugzilla.redhat.com/show_bug.cgi?id=2074817

https://bugzilla.redhat.com/show_bug.cgi?id=2074947

https://bugzilla.redhat.com/show_bug.cgi?id=2074949

https://bugzilla.redhat.com/show_bug.cgi?id=2074951

https://bugzilla.redhat.com/show_bug.cgi?id=2074966

https://bugzilla.redhat.com/show_bug.cgi?id=2074981

https://bugzilla.redhat.com/show_bug.cgi?id=2074987

https://bugzilla.redhat.com/show_bug.cgi?id=2074996

https://bugzilla.redhat.com/show_bug.cgi?id=2074999

https://bugzilla.redhat.com/show_bug.cgi?id=2075005

https://bugzilla.redhat.com/show_bug.cgi?id=2075006

https://bugzilla.redhat.com/show_bug.cgi?id=2075691

https://bugzilla.redhat.com/show_bug.cgi?id=2075692

https://bugzilla.redhat.com/show_bug.cgi?id=2075693

https://bugzilla.redhat.com/show_bug.cgi?id=2075694

https://bugzilla.redhat.com/show_bug.cgi?id=2075695

https://bugzilla.redhat.com/show_bug.cgi?id=2075696

https://bugzilla.redhat.com/show_bug.cgi?id=2075697

https://bugzilla.redhat.com/show_bug.cgi?id=2075699

https://bugzilla.redhat.com/show_bug.cgi?id=2075700

https://bugzilla.redhat.com/show_bug.cgi?id=2075701

https://bugzilla.redhat.com/show_bug.cgi?id=2076144

https://bugzilla.redhat.com/show_bug.cgi?id=2076145

https://bugzilla.redhat.com/show_bug.cgi?id=2092354

https://bugzilla.redhat.com/show_bug.cgi?id=2092360

https://bugzilla.redhat.com/show_bug.cgi?id=2096271

https://bugzilla.redhat.com/show_bug.cgi?id=2096274

https://bugzilla.redhat.com/show_bug.cgi?id=2096276

https://bugzilla.redhat.com/show_bug.cgi?id=2096277

