Univention Bugzilla – Bug 55210
mariadb-10.3: Multiple issues (5.0)
Last modified: 2022-10-06 09:49:56 CEST
New Debian mariadb-10.3 1:10.3.36-0+deb10u1 fixes: This update addresses the following issues: * MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669) * Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427) * assertion failure in Item_args::walk_arg (CVE-2022-27376) * use-after-poison when complex conversion is involved in blob (CVE-2022-27377) * server crash in create_tmp_table::finalize (CVE-2022-27378) * server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379) * server crash at my_decimal::operator= (CVE-2022-27380) * server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381) * use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383) * crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384) * server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386) * assertion failures in decimal_bin_size (CVE-2022-27387) * assertion failure in compare_order_elements (CVE-2022-27445) * use-after-poison in Binary_string::free_buffer (CVE-2022-27447) * crash in multi-update and implicit grouping (CVE-2022-27448) * assertion failure in sql/item_func.cc (CVE-2022-27449) * assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452) * assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456) * use-after-poison in Binary_string::free_buffer (CVE-2022-27458) * server crash at Item_subselect::init_expr_cache_tracker (CVE-2022-32083) * segmentation fault via the component sub_select (CVE-2022-32084) * server crash in Item_func_in::cleanup/Item::cleanup_processor (CVE-2022-32085) * server crash in Item_args::walk_args (CVE-2022-32087) * segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort (CVE-2022-32088) * server crash in JOIN_CACHE::free or in copy_fields (CVE-2022-32091)
--- mirror/ftp/pool/main/m/mariadb-10.3/mariadb-10.3_10.3.34-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/mariadb-10.3_10.3.36-0+deb10u1.dsc @@ -1,3 +1,35 @@ +1:10.3.36-0+deb10u1 [Wed, 14 Sep 2022 14:27:48 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * New upstream version 10.3.36. Includes security fixes for: + - CVE-2018-25032 + - CVE-2022-32091 + - CVE-2022-32084 + * New upstream version 10.3.35. Includes security fixes for: + - CVE-2021-46669 + - CVE-2022-21427 + - CVE-2022-27376 + - CVE-2022-27377 + - CVE-2022-27378 + - CVE-2022-27379 + - CVE-2022-27380 + - CVE-2022-27381 + - CVE-2022-27383 + - CVE-2022-27384 + - CVE-2022-27386 + - CVE-2022-27387 + - CVE-2022-27445 + - CVE-2022-27447 + - CVE-2022-27448 + - CVE-2022-27449 + - CVE-2022-27452 + - CVE-2022-27456 + - CVE-2022-27458 + - CVE-2022-32087 + - CVE-2022-32085 + - CVE-2022-32083 + - CVE-2022-32088 + 1:10.3.34-0+deb10u1 [Wed, 16 Feb 2022 21:38:46 -0800] Otto Kekäläinen <otto@debian.org>: * New upstream version 10.3.34. Includes security fixes for: <http://piuparts.knut.univention.de/5.0-2/#8525060377683596603>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts > Processing triggers for mariadb-server-10.3 (1:10.3.36-0+deb10u1) ... > postinst called with unknown argument 'triggered' > dpkg: error processing package mariadb-server-10.3 (--configure): -> filed upstream Bug https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=mariadb-server-10.3;dist=unstable [5.0-2] 74ed66754c Bug #55210: mariadb-10.3 1:10.3.36-0+deb10u1 doc/errata/staging/mariadb-10.3.yaml | 49 ++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 24 deletions(-) [5.0-2] 74e1014e9f Bug #55210: mariadb-10.3 1:10.3.36-0+deb10u1 doc/errata/staging/mariadb-10.3.yaml | 69 ++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+)
(In reply to Philipp Hahn from comment #2) > ~OK: piuparts > > Processing triggers for mariadb-server-10.3 (1:10.3.36-0+deb10u1) ... > > postinst called with unknown argument 'triggered' > > dpkg: error processing package mariadb-server-10.3 (--configure): > -> filed upstream Bug > https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=mariadb-server-10.3;dist=unstable https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020301
<https://errata.software-univention.de/#/?erratum=5.0x427>
Regression: mariadb-10.3 1:10.3.36-0+deb10u{1→2} [5.0-2] 002a6d3eb4 Bug #55210: mariadb-10.3 1:10.3.36-0+deb10u2 doc/errata/staging/mariadb-10.3.yaml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+)
--- mirror/ftp/pool/main/m/mariadb-10.3/mariadb-10.3_10.3.36-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/mariadb-10.3_10.3.36-0+deb10u2.dsc @@ -1,3 +1,8 @@ +1:10.3.36-0+deb10u2 [Fri, 30 Sep 2022 13:07:30 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Rebuild without upstream extra debian/ files (including a trigger + file for mariadb-server-10.3). Closes: #1020301. + 1:10.3.36-0+deb10u1 [Wed, 14 Sep 2022 14:27:48 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/5.0-2/#8525060377686844178>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts fixed bug in previous package; most plugin package are still failing because of this [5.0-2] a318b41b5f Bug #55210: mariadb-10.3 1:10.3.36-0+deb10u2 doc/errata/staging/mariadb-10.3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-2] 002a6d3eb4 Bug #55210: mariadb-10.3 1:10.3.36-0+deb10u2 doc/errata/staging/mariadb-10.3.yaml | 70 ++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x443>