Bug 54604 - mariadb-10.3: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 5.0
All Linux
Importance: P3 normal
Target Milestone: UCS 5.0-1-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Depends on:
Blocks:
Reported: 2022-03-28 09:15 CEST by Quality Assurance
Modified: 2022-03-30 12:41 CEST (History)

See Also:
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (sources: NVD, Red Hat)

Description Quality Assurance univentionstaff 2022-03-28 09:15:51 CEST
New Debian mariadb-10.3 1:10.3.34-0+deb10u1 fixes:
This update addresses the following issues:
* InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)
* Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659)
* MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661)
* Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)
* MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663)
* MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)
* MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665)
* Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)
* MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668)
* MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. (CVE-2022-24048)
* MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050)
* Lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051)
* CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)
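As an added check, not code from this bug report, from Univention or from the Debian package: a script that reports whether an installed mariadb-10.3 package already carries the fixes listed above. It re-implements dpkg's version ordering (Debian Policy 5.6.12: epoch, upstream version, Debian revision; `~` sorts before everything, digit runs compare numerically) so the comparison also runs off-box, and maps each CVE to the upstream release named in the 1:10.3.34-0+deb10u1 changelog attached to this bug. The binary package name mariadb-server-10.3 is an assumption, and the CVE mapping assumes a fix is identified by upstream version alone (no distro backport without a version bump).

```python
# Added example (not from the bug report or the Debian package): re-implements
# dpkg's version ordering so the check also runs where dpkg is absent, and maps
# each CVE to the upstream release named in the changelog quoted in this bug.
import shutil
import subprocess

PACKAGE = "mariadb-server-10.3"        # assumed binary package name
FIXED_VERSION = "1:10.3.34-0+deb10u1"  # fixed package version from this bug

# Upstream release that first shipped each fix, per the changelog on this page.
CVE_FIXED_IN = {
    "10.3.32": ["CVE-2021-35604", "CVE-2021-46662", "CVE-2021-46667"],
    "10.3.33": ["CVE-2021-46659", "CVE-2022-24048", "CVE-2022-24050",
                "CVE-2022-24051", "CVE-2022-24052"],
    "10.3.34": ["CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664",
                "CVE-2021-46665", "CVE-2021-46668"],
}


def split_version(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no hyphen: the whole string is the upstream version
        upstream, revision = revision, ""
    return epoch, upstream, revision


def _order(c):
    """dpkg character weight: '~' < end-of-string/digit < letters < others."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256


def compare_fragment(a, b):
    """dpkg's verrevcmp(): alternate non-digit and digit runs; <0, 0 or >0."""
    def ch(s, k):
        return s[k] if k < len(s) else ""

    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights position by position.
        while (ch(a, i) and not ch(a, i).isdigit()) or \
              (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Digit run: drop leading zeros; longer run wins, else first difference.
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if ch(a, i).isdigit():
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a, b):
    """Negative, zero or positive like 'dpkg --compare-versions a lt/eq/gt b'."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    return (ea - eb) or compare_fragment(ua, ub) or compare_fragment(ra, rb)


def is_fixed(installed, fixed=FIXED_VERSION):
    """True if the installed package version is at or above the fixed one."""
    return compare_versions(installed, fixed) >= 0


def unfixed_cves(installed):
    """CVEs from this bug whose fixing upstream release the installed one predates."""
    _, upstream, _ = split_version(installed)
    return [cve for release, cves in CVE_FIXED_IN.items()
            if compare_fragment(upstream, release) < 0 for cve in cves]


def installed_version(package=PACKAGE):
    """Installed version via dpkg-query, or None if not installed/unavailable."""
    if shutil.which("dpkg-query") is None:
        return None
    out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                         capture_output=True, text=True).stdout.strip()
    return out or None


if __name__ == "__main__":
    current = installed_version()
    if current is None:
        print("%s: not installed or dpkg-query unavailable" % PACKAGE)
    elif is_fixed(current):
        print("%s %s: fixed (>= %s)" % (PACKAGE, current, FIXED_VERSION))
    else:
        print("%s %s: missing %s" % (PACKAGE, current, ", ".join(unfixed_cves(current))))
```

Note that the epoch matters: dpkg-query prints `1:10.3.31-0+deb10u1`, and a comparison that drops the `1:` prefix would rank every epoch-less string below the fixed version, so feed the script the full `${Version}` string. On a UCS host the same question can be answered with `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' mariadb-server-10.3)" ge 1:10.3.34-0+deb10u1`; the script exists to give the per-CVE breakdown and to run where dpkg is not available.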
Comment 1 Quality Assurance univentionstaff 2022-03-28 10:01:33 CEST
--- mirror/ftp/pool/main/m/mariadb-10.3/mariadb-10.3_10.3.31-0+deb10u1.dsc
+++ apt/ucs_5.0-0-errata5.0-1/source/mariadb-10.3_10.3.34-0+deb10u1.dsc
@@ -1,3 +1,30 @@
+1:10.3.34-0+deb10u1 [Wed, 16 Feb 2022 21:38:46 -0800] Otto Kekäläinen <otto@debian.org>:
+
+  * New upstream version 10.3.34. Includes security fixes for:
+    - CVE-2021-46661
+    - CVE-2021-46663
+    - CVE-2021-46664
+    - CVE-2021-46665
+    - CVE-2021-46668
+  * Previous upstream version 10.3.33 included security fixes for:
+    - CVE-2021-46659
+    - CVE-2022-24048
+    - CVE-2022-24050
+    - CVE-2022-24051
+    - CVE-2022-24052
+  * Previous upstream version 10.3.32 included security fixes for:
+    - CVE-2021-35604
+    - CVE-2021-46662
+    - CVE-2021-46667
+  * Drop MIPS and libatomic patches applied now upstream
+  * Upstream issue MDEV-25114 about Galera WSREP invalid state
+    fixed (Closes: #989898)
+  * Salsa-CI: Install latest archive keys to fix Jessie upgrade regression
+  * Upstream version 10.3.33 was skipped as upstream pulled the release within a
+    couple of days of release due to severe regression
+  * Notable upstream functional changes in 10.3.33:
+    - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)
+
 1:10.3.31-0+deb10u1 [Thu, 24 Jun 2021 23:05:28 -0700] Otto Kekäläinen <otto@debian.org>:
 
   * New upstream version 10.3.31. Includes security fixes for:
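Review bot: the entry credits "Previous upstream version 10.3.33" with five CVE fixes and then states that 10.3.33 was skipped because upstream pulled the release; read together, that leaves unclear which shipped package first carries CVE-2021-46659 and CVE-2022-24048/24050/24051/24052, so the errata YAML should attribute all thirteen CVEs to 1:10.3.34-0+deb10u1 rather than to intermediate upstream releases. The functional change "New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB)" is also worth calling out in the announcement text, since installations that configured a smaller value may behave differently on restart after this update.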

<http://piuparts.knut.univention.de/5.0-1/#6470457035767921073>
Comment 2 Philipp Hahn univentionstaff 2022-03-30 09:12:37 CEST
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 IGN: mariadb-plugin-mroonga.piuparts
 IGN: mariadb-plugin-spide.piuparts

[5.0-1] f495d0f810 Bug #54604: mariadb-10.3 1:10.3.34-0+deb10u1
 doc/errata/staging/mariadb-10.3.yaml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

[5.0-1] 44dfbc43c8 Bug #54604: mariadb-10.3 1:10.3.34-0+deb10u1
 doc/errata/staging/mariadb-10.3.yaml | 61 ++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)