AXSA:2022-3177:01

Release date: Wednesday, May 11, 2022 - 11:59
Subject: mariadb:10.3 security and bug fix update, mariadb-10.3.32-2.module+el8+1407+4fb0bcc2
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34).

Security Fix(es):

* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
* mariadb: Integer overflow in sql_lex.cc leading to crash (CVE-2021-46667)
* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)
* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)
* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)
* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade
* MariaDB logrotate leads to "gzip: stdin: file size changed while zipping"
* Crash: WSREP: invalid state ROLLED_BACK (FATAL)
* Galera doesn't work without 'procps-ng' package MariaDB-10.3

CVE-2021-2154
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2166
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2372
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2389
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-35604
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2021-46657
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
CVE-2021-46658
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
CVE-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVE-2021-46666
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
CVE-2021-46667
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

Modularity name: mariadb
Stream name: 10.3

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. asio-1.10.8-7.module+el8+1407+4fb0bcc2.src.rpm
    Size: 0.99 MB
  2. galera-25.3.34-4.module+el8+1407+4fb0bcc2.src.rpm
    Size: 3.25 MB
  3. Judy-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.src.rpm
    Size: 1.10 MB
  4. mariadb-10.3.32-2.module+el8+1407+4fb0bcc2.src.rpm
    Size: 64.55 MB

Asianux Server 8 for x86_64
  1. asio-devel-1.10.8-7.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 637.44 kB
  2. galera-25.3.34-4.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 1.42 MB
  3. galera-debugsource-25.3.34-4.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 440.06 kB
  4. Judy-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.x86_64.rpm
    Size: 129.23 kB
  5. Judy-debugsource-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.x86_64.rpm
    Size: 157.80 kB
  6. Judy-devel-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.x86_64.rpm
    Size: 74.78 kB
  7. mariadb-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 6.02 MB
  8. mariadb-backup-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 6.07 MB
  9. mariadb-common-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 62.89 kB
  10. mariadb-debugsource-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 9.15 MB
  11. mariadb-devel-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 1.05 MB
  12. mariadb-embedded-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 4.97 MB
  13. mariadb-embedded-devel-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 43.45 kB
  14. mariadb-errmsg-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 233.24 kB
  15. mariadb-gssapi-server-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 50.27 kB
  16. mariadb-oqgraph-engine-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 112.60 kB
  17. mariadb-server-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 16.16 MB
  18. mariadb-server-galera-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 60.07 kB
  19. mariadb-server-utils-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 1.14 MB
  20. mariadb-test-10.3.32-2.module+el8+1407+4fb0bcc2.x86_64.rpm
    Size: 36.22 MB
  21. asio-devel-1.10.8-7.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 637.46 kB
  22. galera-25.3.34-4.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 1.69 MB
  23. galera-debugsource-25.3.34-4.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 439.46 kB
  24. Judy-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.i686.rpm
    Size: 92.54 kB
  25. Judy-debugsource-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.i686.rpm
    Size: 157.49 kB
  26. Judy-devel-1.0.5-18.module+el8+1407+4fb0bcc2.ML.1.i686.rpm
    Size: 74.81 kB
  27. mariadb-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 5.84 MB
  28. mariadb-backup-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 6.17 MB
  29. mariadb-common-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 62.92 kB
  30. mariadb-debugsource-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 9.14 MB
  31. mariadb-devel-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 1.05 MB
  32. mariadb-embedded-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 5.17 MB
  33. mariadb-embedded-devel-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 43.47 kB
  34. mariadb-errmsg-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 233.28 kB
  35. mariadb-gssapi-server-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 50.08 kB
  36. mariadb-oqgraph-engine-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 116.68 kB
  37. mariadb-server-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 16.30 MB
  38. mariadb-server-galera-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 60.10 kB
  39. mariadb-server-utils-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 1.10 MB
  40. mariadb-test-10.3.32-2.module+el8+1407+4fb0bcc2.i686.rpm
    Size: 27.25 MB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.