rh-mariadb103-galera-25.3.32-2.el7, rh-mariadb103-mariadb-10.3.28-2.el7

エラータID: AXSA:2021-1755:02

Release date: 
Wednesday, May 19, 2021 - 22:01
Subject: 
rh-mariadb103-galera-25.3.32-2.el7, rh-mariadb103-mariadb-10.3.28-2.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: rh-mariadb103-mariadb (10.3.28), rh-mariadb103-galera (25.3.32).

Security Fix(es):

* mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Solution: 

Update packages.

CVEs: 
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Additional Info: 

N/A

Download: 

SRPMS
  1. rh-mariadb103-galera-25.3.32-2.el7.src.rpm
    MD5: b419fec526be4099fab0fdcdc085a9fb
    SHA-256: 34957ba85ba6b32771d9d74b8eff0ea70aa3599c52b0e1071a3617cb7cf00f1c
    Size: 3.24 MB
  2. rh-mariadb103-mariadb-10.3.28-2.el7.src.rpm
    MD5: 2ac69383cf4e6ffe9fe2a5cd5ec71e7c
    SHA-256: 7422788545f385d8448e76fa6c88a1fa94cfc47055dc94c1e1a1b76548297e03
    Size: 64.23 MB

Asianux Server 7 for x86_64
  1. rh-mariadb103-galera-25.3.32-2.el7.x86_64.rpm
    MD5: 46e38f510fd2ec18fa1c13be202feca3
    SHA-256: 47815294eec596132ecb6cc750ad34d47a5ab4a37620e5ab7f3e29608ad70116
    Size: 1.13 MB
  2. rh-mariadb103-mariadb-10.3.28-2.el7.x86_64.rpm
    MD5: 447913ebf0aeed4843c57b4dbcdf7aaa
    SHA-256: adab0a091b4d431863575c6a624f10a5dfdffd161f64cbb55707f49376c68d87
    Size: 6.12 MB
  3. rh-mariadb103-mariadb-backup-10.3.28-2.el7.x86_64.rpm
    MD5: feeb76ba197bc4b071dfe79541a958af
    SHA-256: 3695f99a11036641ff86fe376a6c4011c0705a256921e40941d6f70c2c2dca6f
    Size: 6.23 MB
  4. rh-mariadb103-mariadb-backup-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: 32672d415cafb6799583e70ff9e78698
    SHA-256: 64bb9ef25358b68f73600c4f7a3bd1cc9069e034114ce6d489d5d0b5ea77c2ae
    Size: 39.68 kB
  5. rh-mariadb103-mariadb-common-10.3.28-2.el7.x86_64.rpm
    MD5: e2f695df66f0ff116cc5875d2cca4252
    SHA-256: 0b8ed0f75e78061204201412106d4e791199af9e0a01d7af919dcdaf181ab556
    Size: 59.03 kB
  6. rh-mariadb103-mariadb-config-10.3.28-2.el7.x86_64.rpm
    MD5: 38f166ec1377c70e2e335be3d035b136
    SHA-256: 3306f2ac5b3534843de9f3004a68de2117a1a5da185a10f402c7bff3ede1f776
    Size: 39.07 kB
  7. rh-mariadb103-mariadb-config-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: 6c2a7fee3ef244afd1850500238b07cc
    SHA-256: 4357ce75e5a8260b21265b24001022dc16ca1e8ae8ad83fb90dcc50e9a33cba6
    Size: 39.09 kB
  8. rh-mariadb103-mariadb-devel-10.3.28-2.el7.x86_64.rpm
    MD5: 19ed7d49acb8a46d08357325ce916ae5
    SHA-256: 49af8f0df3c441d336bd8a9058e64489a30d5f58b2db8baf7ff5228b7f455711
    Size: 1.06 MB
  9. rh-mariadb103-mariadb-errmsg-10.3.28-2.el7.x86_64.rpm
    MD5: cbb6b8946e30ba938ffc3f7239de4919
    SHA-256: 1e3fe3bb30607f134499b012ecf7efb2513bcde554b209ed42d777444471299b
    Size: 230.23 kB
  10. rh-mariadb103-mariadb-gssapi-server-10.3.28-2.el7.x86_64.rpm
    MD5: d8bc78a2ad3c8010beae5c7afb7321e8
    SHA-256: 452eef60e08038646b34262a7db9353384af9c0fc6059cdc2425ba28028e5700
    Size: 45.18 kB
  11. rh-mariadb103-mariadb-oqgraph-engine-10.3.28-2.el7.x86_64.rpm
    MD5: 7783a63838d3518e650875f56492752d
    SHA-256: 9b9dff7bb28bae6074fe3b16ba5bedbc1261798ca0d159d0cdc5c2a11c4d8397
    Size: 109.39 kB
  12. rh-mariadb103-mariadb-server-10.3.28-2.el7.x86_64.rpm
    MD5: 0553833363c598718a6a7e796ec6cabf
    SHA-256: 5b64ad4945b703fbfddc3534ac750f404d60dbf84734e821cd4856b42000d4b0
    Size: 16.91 MB
  13. rh-mariadb103-mariadb-server-galera-10.3.28-2.el7.x86_64.rpm
    MD5: 373793c9216e818b315173b5a79ce4bc
    SHA-256: a56a44e9f747c2aae88b4ecac00720bc6aea64eac8cae508e167436545361360
    Size: 56.20 kB
  14. rh-mariadb103-mariadb-server-galera-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: d782eaf109b4963cedd5bb8f8624df47
    SHA-256: edac2b0b7d709880ade47a5be135afb65935dddafd646b43496d231cf26a985e
    Size: 40.15 kB
  15. rh-mariadb103-mariadb-server-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: 2fe9fd2cab6015162f3e55b7820e621a
    SHA-256: b9dd5a848a89b753aa1a6221763f8e8947a52362c2d88be5d6b160f7585144a7
    Size: 46.92 kB
  16. rh-mariadb103-mariadb-server-utils-10.3.28-2.el7.x86_64.rpm
    MD5: d339443d04db0693abbdaf8b7519a0cf
    SHA-256: 6c63638e31b603a63d7bd7f2f37d65fa758bf60a5a85b9174a85f4a3210dcbbf
    Size: 1.16 MB
  17. rh-mariadb103-mariadb-server-utils-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: e6635b828c95bbb54522913982c29c04
    SHA-256: 30d086cedcd089e9b856d9b808ade6a6a2f287d557e1db604525356d0d5b2136
    Size: 41.94 kB
  18. rh-mariadb103-mariadb-syspaths-10.3.28-2.el7.x86_64.rpm
    MD5: aba1eec1b3300f0bc4002e7b297267c1
    SHA-256: 1ce7690513617afd4c5a6d1f3529b9cca699cdd6a8062d15738eee65fb0d79dc
    Size: 43.52 kB
  19. rh-mariadb103-mariadb-test-10.3.28-2.el7.x86_64.rpm
    MD5: a282c5c2a6a43f522a89734dbc943602
    SHA-256: 11c33efe304b61985f571ae384b06ed253a0f87ab93032a5b8d9cf0bcd83e910
    Size: 22.20 MB