mariadb:10.3 security, bug fix, and enhancement update

エラータID: AXSA:2023-6436:01

Release date: 
Tuesday, September 26, 2023 - 01:36
Subject: 
mariadb:10.3 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (10.3).

Security Fix(es):

* mariadb: segmentation fault via the component sub_select (CVE-2022-32084)
* mariadb: server crash in JOIN_CACHE::free or in copy_fields (CVE-2022-32091)
* mariadb: compress_write() fails to release mutex on failure (CVE-2022-38791)
* mariadb: NULL pointer dereference in spider_db_mbase::print_warnings() (CVE-2022-47015)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-32084
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32091
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-38791
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVE-2022-47015
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

Modularity name: "mariadb"
Stream name: "10.3"

Solution: 

Update packages.

CVEs: 
CVE-2022-32084
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32091
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-38791
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVE-2022-47015
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Additional Info: 

N/A

Download: 

SRPMS
  1. asio-1.10.8-7.module+el8+1659+c1edb637.src.rpm
    MD5: d8b56483d5ec63c5c148c6121ea72142
    SHA-256: e17e90065d715dc51d0066f979969af0d7f19373f6493507fcd4c1e3ee9443b0
    Size: 0.99 MB
  2. galera-25.3.37-1.module+el8+1659+c1edb637.src.rpm
    MD5: 3411ebc4b9e8d065d840a0e776fcfc30
    SHA-256: c5f7ba96e5fe6ef840ffa867da6c2fcee1a4132d3e785d1d9212698e058a7dfc
    Size: 3.25 MB
  3. Judy-1.0.5-18.module+el8+1659+c1edb637.src.rpm
    MD5: 56163c5fbdc48b81d6768459590f70ca
    SHA-256: 32b1f8143764332ff8145f55ac924d79db38e5f7fee743a272c5f405449fb70c
    Size: 1.10 MB
  4. mariadb-10.3.39-1.module+el8+1659+c1edb637.src.rpm
    MD5: f26c8cac492ec30567b843bf59b79a63
    SHA-256: 5c4d691a4b9c26ea356a22fbbac7fe5a84077f34dbe1c9e7cc54fe069dfb2463
    Size: 65.60 MB

Asianux Server 8 for x86_64
  1. asio-devel-1.10.8-7.module+el8+1659+c1edb637.i686.rpm
    MD5: 007daf88ac28bbd7b8e82de07adbcf81
    SHA-256: 25f6d45a15764f7bac541f45eeebf74e12e07672689d260678f5b6b33a8e2747
    Size: 637.47 kB
  2. asio-devel-1.10.8-7.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 5865b80f3d29c92f367140c3d274a0c5
    SHA-256: 791c84d4e3f60b8313b070e8e261d118afaa1d3884b73651d1be9f3806920997
    Size: 637.44 kB
  3. galera-25.3.37-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 08bd426670e234df17b88c10ec35a08d
    SHA-256: 83484726ece0d2367b057db35d36778171cdc08ed397596275bfc3f4992386f9
    Size: 1.70 MB
  4. galera-25.3.37-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 0a3f47748df2414e27863bd50e954411
    SHA-256: 2eba62071be10ceb6bcab8073d6f92b0c8574303d7b65c32b1865d0f10a6e48d
    Size: 1.42 MB
  5. galera-debugsource-25.3.37-1.module+el8+1659+c1edb637.i686.rpm
    MD5: f775fc8497106712358f6227b8cb9698
    SHA-256: 760f22b9895acabffdfad9dc5fde63859df852e3202794516adad10fe2190bb7
    Size: 441.22 kB
  6. galera-debugsource-25.3.37-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 83a9567e2a8f3f63c22ad9522170d2c2
    SHA-256: 4f2260333261ff983896789ba7f2ef81fe4df7852cc3f03dd7ff76e9e69e17b4
    Size: 441.83 kB
  7. Judy-1.0.5-18.module+el8+1659+c1edb637.i686.rpm
    MD5: da1321876fef647c8e050cfc51a389f6
    SHA-256: 762095a6a150ae190a50a15e566647a2f4a1ae7a40d73b002b45f9c53431abf8
    Size: 92.43 kB
  8. Judy-1.0.5-18.module+el8+1659+c1edb637.x86_64.rpm
    MD5: bf3dec9b4738cd1da21598da4c3e5693
    SHA-256: 0c28b01ed88809156cbaa589a0f38d2e4b74caf5fa82c601f0666f179ddfed62
    Size: 129.13 kB
  9. Judy-debugsource-1.0.5-18.module+el8+1659+c1edb637.i686.rpm
    MD5: a912597c44cfa43b454bb366f8e373ba
    SHA-256: 3c381a0fbc9c58c5dae11929fbfbbaa44b20e959a41c2f1ad994c0c1c53016af
    Size: 157.35 kB
  10. Judy-debugsource-1.0.5-18.module+el8+1659+c1edb637.x86_64.rpm
    MD5: af8c5351daac87835d73e0cecd66fc95
    SHA-256: 69b80b7858b77c8bdf27a9cab6873a3ea92457bc14e313268901a89bfa7d55b3
    Size: 157.63 kB
  11. Judy-devel-1.0.5-18.module+el8+1659+c1edb637.i686.rpm
    MD5: 04e0aae49cd36d294c0883ce5824f49a
    SHA-256: 5f597aad90974775de7d98f0f69f80b51253e6e735415654047a41a91681d80e
    Size: 74.64 kB
  12. Judy-devel-1.0.5-18.module+el8+1659+c1edb637.x86_64.rpm
    MD5: ffd41bea875fc4286f85113156fed6a1
    SHA-256: 710892a819e7a87522f9caf46e504a0b4fab023a522883fdc8594c4f651b812f
    Size: 74.62 kB
  13. mariadb-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 6bdeb38ba5339bd929ba7145eb6396a3
    SHA-256: 8fede886bdbec906257ab9cbdb753cd1ac4375f466c48f539bd9532e3d8c2204
    Size: 5.84 MB
  14. mariadb-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 62e7de75de75d3fa750c6c2e006b5a0b
    SHA-256: 32e9e8de3a6fd05c4804ac66bd926bad1c3164016107774d75d522c7a9d3430a
    Size: 6.02 MB
  15. mariadb-backup-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 0729df766906ea5b6d28372b0b9983e2
    SHA-256: a6a6bf64ae36ec71e310dcf660928b020b15ff80a11070e3dca4c615c004748b
    Size: 6.17 MB
  16. mariadb-backup-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 810db82a9bf08c23128aa3c38c3598e5
    SHA-256: 6b1190a038545016dd9aa1db3546ae8669547d79ff41eacea2fa6605c980af8c
    Size: 6.08 MB
  17. mariadb-common-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 5a0ef3d0fd9ad52ffdb90790a8abe0f1
    SHA-256: b0bc4d9e7c84b47fc32df58159d7700aa50241a842d675dd0e5c5a99f119b240
    Size: 63.27 kB
  18. mariadb-common-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: a9cfc226409b1039e8c0dc1131e97f5f
    SHA-256: 8310ec6071a9f125b8528eb4f48d5da93f577881c761a3f2152bff77c3e69025
    Size: 63.24 kB
  19. mariadb-debugsource-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: da5466926459ea825bdc843e806b3084
    SHA-256: c96e49fc86521d25ec6edef73df98664fa5cce748620681a8bd70b8f940487e5
    Size: 9.17 MB
  20. mariadb-debugsource-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 4329a1d80d8d7f2c2f09a8c48ad9e025
    SHA-256: fc42b58751da4063f747207f85ce2c050f25be7603bf37709be6f645895efa53
    Size: 9.17 MB
  21. mariadb-devel-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 34c609300cbdaff25a2a02c110a5d3be
    SHA-256: ac4d5638bd65c7b8e3352e966502c3e13aedf1117f6ee1824a1e837534c2f207
    Size: 1.06 MB
  22. mariadb-devel-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 249b245d25740c41d431eb29c5390f03
    SHA-256: dad76e0fb5ff11562578ff6dcaceabbaee533873605f57e1e336f7ce9bf8aafe
    Size: 1.06 MB
  23. mariadb-embedded-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: b25e6fe47f6c10d3074eff2f4b82c36b
    SHA-256: e0dfdd6a12f5521894352ae53e6e3e6a977e3f96390bacb4473fe4c730ed9ac8
    Size: 5.17 MB
  24. mariadb-embedded-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 410488ab59a816d23b437ff7cf1a3d5c
    SHA-256: b7a2222a6a92669bfd5083957e454f3f2dcd4f1a81f72569deffc5b2cfdafd33
    Size: 4.98 MB
  25. mariadb-embedded-devel-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 8646812917d17efa3b7a3b7d370eb172
    SHA-256: e2794e800940eea6e4efc20db182db225e90ef3961199f71b25ee47aa17a1d57
    Size: 43.82 kB
  26. mariadb-embedded-devel-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: ca34f25f57ad3f1d62990c4829fa798b
    SHA-256: e5834d88109a36c69e7b24121e7b2c03de66d6612ef4e4a80bb8827569e1b032
    Size: 43.80 kB
  27. mariadb-errmsg-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 8700f11475e4ae3d20c82844a15ac33f
    SHA-256: 3dd88ce810f624c7dd14947d40cb370ff8513589e086c8aef582ec51deb4e25a
    Size: 233.78 kB
  28. mariadb-errmsg-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 2a8e59c8fdfa6d3ad55cf8c4cdd5001b
    SHA-256: d352a41d02ea4c903f9c583fa1bd614a2087eba55ed215615a5c07fac333e608
    Size: 233.74 kB
  29. mariadb-gssapi-server-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: cd4315d47941c40ca83436353a26a0ae
    SHA-256: e9ce46bcb50a506519b7c6ffb48ccb53ce756ec133b331afeee38939a5f89f96
    Size: 50.43 kB
  30. mariadb-gssapi-server-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: cd70f00e7d0c40bb0c66f5ad91496689
    SHA-256: db31d48c88ba62b6f2c73576a94f64efdfb469dc13ab7cfc61c3f3520eedc8b4
    Size: 50.63 kB
  31. mariadb-oqgraph-engine-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: e7307fac5752bd07d7e7853d54c670d3
    SHA-256: 2383b793eac70d5362a6a2e299addde739b3f8070f311f09eca590bccbed5bef
    Size: 116.97 kB
  32. mariadb-oqgraph-engine-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 5f8cd26f8f1a6d1299e04c3ca8761d3d
    SHA-256: 914e78e308319d64c27bb0c66b66630e4c80f8f6f57988dcb9fca609b341a9d7
    Size: 112.89 kB
  33. mariadb-server-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 5c055710e263ec4380425d015d6e3b5a
    SHA-256: 33141a73e029ff7889dd1a5c7135cf684c70028c77f7a675074c1ed24fc433ba
    Size: 16.56 MB
  34. mariadb-server-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 59794612a75583262afdcda6bc92a142
    SHA-256: c5cdafece9a5bb226a428fcc8b6004ac92990662f99a7a7da137a12fa74ad318
    Size: 16.43 MB
  35. mariadb-server-galera-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: f93299ad82a8aaf6041ac31f3c5d5911
    SHA-256: 17c41240729ce600374f46206d91320a986e6405ae03ba265a225bb927b6abe1
    Size: 60.44 kB
  36. mariadb-server-galera-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: 384e4cb3d4dcdee830d4748b9069e54d
    SHA-256: 124db227929896c96d9445c58efde32cecd71b990a4830e26bedb483c9a3a0dd
    Size: 60.41 kB
  37. mariadb-server-utils-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: edeb449b8c35844a1b0c4910f4d59839
    SHA-256: bbbc177eac5df5d68caba0e0bb80ed0f0037ea9df1d2066e111d48e26ec5492d
    Size: 1.10 MB
  38. mariadb-server-utils-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: e4112eb4d96a86ead36a610a63718016
    SHA-256: ae4cddae46c25792954e5640f07e0648fdf16bd9fdb411089b92f061f106fac8
    Size: 1.15 MB
  39. mariadb-test-10.3.39-1.module+el8+1659+c1edb637.i686.rpm
    MD5: 042bc15ed5669a1b6a4756684e40a881
    SHA-256: c2ef5c27bae8d87af1054b15219bafc6df005f857e9379035447f78ea8deed66
    Size: 27.45 MB
  40. mariadb-test-10.3.39-1.module+el8+1659+c1edb637.x86_64.rpm
    MD5: e45767ab8c5db2f34ceb745d4bd53dac
    SHA-256: 5285deb7615d6fb03bc88d1b6b10cdc11d26f0704359aceb0ef84a414e973b5b
    Size: 36.41 MB