mariadb:10.5 security, bug fix, and enhancement update
Errata ID: AXSA:2022-3173:01
The following items have been addressed.
[Security Fix]
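- mariadb has a vulnerability that allows a privileged attacker with network access via multiple protocols to carry out a DoS attack. (CVE-2021-2154)
- mariadb has a vulnerability that allows a privileged attacker with network access via multiple protocols to carry out a DoS attack. (CVE-2021-2166)
- mariadb has a vulnerability that allows a privileged attacker with network access via multiple protocols to carry out a DoS attack. (CVE-2021-2372)
- mariadb has a vulnerability that allows a privileged attacker with network access via multiple protocols to carry out a DoS attack. (CVE-2021-2389)
- mariadb has a vulnerability that allows a privileged attacker with network access via multiple protocols to carry out a DoS attack and to perform unauthorized update, insert, or delete operations on some data accessible to the MySQL server. (CVE-2021-35604)
- mariadb has a vulnerability that causes a crash with certain ORDER BY subqueries. (CVE-2021-46657)
- mariadb has a vulnerability in save_window_function_values, which improperly handles with_window_func=true for a subquery and crashes. (CVE-2021-46658)
- mariadb has a vulnerability in which certain UPDATE statements with nested subqueries cause set_var.cc to crash. (CVE-2021-46662)
- mariadb has a vulnerability in which the pushdown from a HAVING clause to a WHERE clause is handled incorrectly, which can cause a crash. (CVE-2021-46666)
- mariadb has a vulnerability in which an integer overflow in sql_lex.cc can cause a crash. (CVE-2021-46667)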
Modularity name: mariadb
Stream name: 10.5
Update the packages.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
N/A
SRPMS
- asio-1.10.8-7.module+el8+1410+b46e6e25.src.rpm
Size: 0.99 MB
- galera-26.4.9-4.module+el8+1410+b46e6e25.src.rpm
Size: 3.43 MB
- Judy-1.0.5-18.module+el8+1410+b46e6e25.src.rpm
Size: 1.10 MB
- mariadb-10.5.13-1.module+el8+1410+b46e6e25.src.rpm
Size: 79.56 MB
Asianux Server 8 for x86_64
- galera-26.4.9-4.module+el8+1410+b46e6e25.x86_64.rpm
Size: 1.53 MB
- galera-debugsource-26.4.9-4.module+el8+1410+b46e6e25.x86_64.rpm
Size: 504.28 kB
- Judy-1.0.5-18.module+el8+1410+b46e6e25.x86_64.rpm
Size: 129.12 kB
- Judy-debugsource-1.0.5-18.module+el8+1410+b46e6e25.x86_64.rpm
Size: 157.63 kB
- mariadb-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 6.21 MB
- mariadb-backup-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 6.87 MB
- mariadb-common-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 66.98 kB
- mariadb-debugsource-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 9.92 MB
- mariadb-devel-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 1.16 MB
- mariadb-embedded-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 5.45 MB
- mariadb-embedded-devel-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 47.60 kB
- mariadb-errmsg-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 238.77 kB
- mariadb-gssapi-server-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 54.43 kB
- mariadb-oqgraph-engine-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 117.35 kB
- mariadb-pam-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 63.44 kB
- mariadb-server-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 18.22 MB
- mariadb-server-galera-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 64.25 kB
- mariadb-server-utils-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 1.19 MB
- mariadb-test-10.5.13-1.module+el8+1410+b46e6e25.x86_64.rpm
Size: 30.33 MB