Univention Bugzilla – Bug 54604
mariadb-10.3: Multiple issues (5.0)
Last modified: 2022-03-30 12:41:39 CEST
New Debian mariadb-10.3 1:10.3.34-0+deb10u1 fixes: This update addresses the following issues: * InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604) * Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659) * MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661) * Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662) * MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663) * MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664) * MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665) * Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667) * MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668) * MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. (CVE-2022-24048) * MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. (CVE-2022-24050) * lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051) * CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052)
--- mirror/ftp/pool/main/m/mariadb-10.3/mariadb-10.3_10.3.31-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/mariadb-10.3_10.3.34-0+deb10u1.dsc @@ -1,3 +1,30 @@ +1:10.3.34-0+deb10u1 [Wed, 16 Feb 2022 21:38:46 -0800] Otto Kekäläinen <otto@debian.org>: + + * New upstream version 10.3.34. Includes security fixes for: + - CVE-2021-46661 + - CVE-2021-46663 + - CVE-2021-46664 + - CVE-2021-46665 + - CVE-2021-46668 + * Previous upstream version 10.3.33 included security fixes for: + - CVE-2021-46659 + - CVE-2022-24048 + - CVE-2022-24050 + - CVE-2022-24051 + - CVE-2022-24052 + * Previous upstream version 10.3.32 included security fixes for: + - CVE-2021-35604 + - CVE-2021-46662 + - CVE-2021-46667 + * Drop MIPS and libatomic patches applied now upstream + * Upstream issue MDEV-25114 about Galera WSREP invalid state + fixed (Closes: #989898) + * Salsa-CI: Install latest archive keys to fix Jessie upgrade regression + * Upstream version 10.3.33 was skipped as upstream pulled the release within a + couple of days of release due to severe regression + * Notable upstream functional changes in 10.3.33: + - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB) + 1:10.3.31-0+deb10u1 [Thu, 24 Jun 2021 23:05:28 -0700] Otto Kekäläinen <otto@debian.org>: * New upstream version 10.3.31. Includes security fixes for: <http://piuparts.knut.univention.de/5.0-1/#6470457035767921073>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts IGN: mariadb-plugin-mroonga.piuparts IGN: mariadb-plugin-spide.piuparts [5.0-1] f495d0f810 Bug #54604: mariadb-10.3 1:10.3.34-0+deb10u1 doc/errata/staging/mariadb-10.3.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) [5.0-1] 44dfbc43c8 Bug #54604: mariadb-10.3 1:10.3.34-0+deb10u1 doc/errata/staging/mariadb-10.3.yaml | 61 ++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x271>